Vulnerabilities > CVE-2021-40864 - Unspecified vulnerability in Onlyoffice Google Translate
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.
Vulnerable Configurations
References
- https://github.com/ONLYOFFICE/plugin-translator/commit/2206c0179cb97e3b8b290a0ab5719b1f0f54542b
- https://github.com/ONLYOFFICE/plugin-translator/commit/2206c0179cb97e3b8b290a0ab5719b1f0f54542b
- https://github.com/ONLYOFFICE/plugin-translator/compare/v6.3.0.71...v6.3.0.72
- https://github.com/ONLYOFFICE/plugin-translator/compare/v6.3.0.71...v6.3.0.72