Vulnerabilities > Onlyoffice > Document Server > 4.0.0.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-09 | CVE-2023-50883 | Cross-site Scripting vulnerability in Onlyoffice Document Server ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. | 6.1 |
2023-03-19 | CVE-2022-48422 | Uncontrolled Search Path Element vulnerability in Onlyoffice Document Server ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located. | 7.8 |
2022-06-02 | CVE-2022-29776 | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | 9.8 |
2022-06-02 | CVE-2022-29777 | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | 9.8 |
2022-04-08 | CVE-2022-24229 | Cross-site Scripting vulnerability in Onlyoffice Document Server A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor. | 6.1 |
2021-03-01 | CVE-2021-25832 | Out-of-bounds Write vulnerability in Onlyoffice Document Server A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. | 9.8 |
2021-03-01 | CVE-2021-25831 | Unspecified vulnerability in Onlyoffice Document Server A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. | 9.8 |
2021-03-01 | CVE-2021-25829 | Unspecified vulnerability in Onlyoffice Document Server An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. | 7.5 |
2021-01-26 | CVE-2021-3199 | Path Traversal vulnerability in Onlyoffice Document Server Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. | 9.8 |