Vulnerabilities > Onlyoffice

DATE CVE VULNERABILITY TITLE RISK
2021-03-01 CVE-2021-25830 Unspecified vulnerability in Onlyoffice Document Server
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13.
network
low complexity
onlyoffice
critical
9.8
2021-03-01 CVE-2021-25829 Unspecified vulnerability in Onlyoffice Document Server
An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3.
network
low complexity
onlyoffice
7.5
2021-01-26 CVE-2021-3199 Path Traversal vulnerability in Onlyoffice Document Server
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /..
network
low complexity
onlyoffice CWE-22
critical
9.8
2020-04-15 CVE-2020-11537 SQL Injection vulnerability in Onlyoffice Document Server 5.5.0
A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0.
network
low complexity
onlyoffice CWE-89
critical
9.8
2020-04-15 CVE-2020-11536 Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0
An issue was discovered in ONLYOFFICE Document Server 5.5.0.
network
low complexity
onlyoffice CWE-20
critical
9.8
2020-04-15 CVE-2020-11535 XML Injection (aka Blind XPath Injection) vulnerability in Onlyoffice Document Server 5.5.0
An issue was discovered in ONLYOFFICE Document Server 5.5.0.
network
low complexity
onlyoffice CWE-91
critical
9.8
2020-04-15 CVE-2020-11534 Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0
An issue was discovered in ONLYOFFICE Document Server 5.5.0.
network
low complexity
onlyoffice CWE-20
critical
9.8