Vulnerabilities > Onlyoffice

DATE CVE VULNERABILITY TITLE RISK

2023-01-23 CVE-2021-43447 Missing Authentication for Critical Function vulnerability in Onlyoffice Server 7.0.0.49
All versions of ONLYOFFICE as of 2021-11-08 are affected by Incorrect Access Control.
Risk: network, low complexity, onlyoffice CWE-306, 7.5

2023-01-23 CVE-2021-43448 Improper Input Validation vulnerability in Onlyoffice Server 7.0.0.49
All versions of ONLYOFFICE as of 2021-11-08 are vulnerable to Improper Input Validation.
Risk: network, high complexity, onlyoffice CWE-20, 5.3

2023-01-23 CVE-2021-43449 Server-Side Request Forgery (SSRF) vulnerability in Onlyoffice Server 7.0.0.49
All versions of ONLYOFFICE as of 2021-11-08 are vulnerable to Server-Side Request Forgery (SSRF).
Risk: network, low complexity, onlyoffice CWE-918, 8.1

2022-06-02 CVE-2022-29776 Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
Risk: network, low complexity, onlyoffice CWE-787, critical, 9.8

2022-06-02 CVE-2022-29777 Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
Risk: network, low complexity, onlyoffice CWE-787, critical, 9.8

2022-04-08 CVE-2022-24229 Cross-site Scripting vulnerability in Onlyoffice Document Server
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor.
Risk: network, low complexity, onlyoffice CWE-79, 6.1

2021-09-10 CVE-2021-40864 Unspecified vulnerability in Onlyoffice Google Translate
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.
Risk: network, low complexity, onlyoffice, critical, 9.8

2021-03-01 CVE-2021-25833 Path Traversal vulnerability in Onlyoffice Document Server
A file extension handling issue was found in the [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21.
Risk: network, low complexity, onlyoffice CWE-22, critical, 9.8

2021-03-01 CVE-2021-25832 Out-of-bounds Write vulnerability in Onlyoffice Document Server
A heap buffer overflow vulnerability in BMP image processing was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0.
Risk: network, low complexity, onlyoffice CWE-787, critical, 9.8

2021-03-01 CVE-2021-25831 Unspecified vulnerability in Onlyoffice Document Server
A file extension handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3.
Risk: network, low complexity, onlyoffice, critical, 9.8