Vulnerabilities > Onlyoffice
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-23 | CVE-2021-43447 | Missing Authentication for Critical Function vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. | 7.5 |
| 2023-01-23 | CVE-2021-43448 | Improper Input Validation vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. | 5.3 |
| 2023-01-23 | CVE-2021-43449 | Server-Side Request Forgery (SSRF) vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). | 8.1 |
| 2022-06-02 | CVE-2022-29776 | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | 9.8 |
| 2022-06-02 | CVE-2022-29777 | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | 9.8 |
| 2022-04-08 | CVE-2022-24229 | Cross-site Scripting vulnerability in Onlyoffice Document Server A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor. | 4.3 |
| 2021-09-10 | CVE-2021-40864 | Unspecified vulnerability in Onlyoffice Google Translate The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. | 7.5 |
| 2021-03-01 | CVE-2021-25833 | Path Traversal vulnerability in Onlyoffice Document Server A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. | 7.5 |
| 2021-03-01 | CVE-2021-25832 | Out-of-bounds Write vulnerability in Onlyoffice Document Server A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. | 7.5 |
| 2021-03-01 | CVE-2021-25831 | Unspecified vulnerability in Onlyoffice Document Server A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. | 7.5 |