Vulnerabilities > Onlyoffice
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-01 | CVE-2021-25830 | Unspecified vulnerability in Onlyoffice Document Server A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. | 9.8 |
| 2021-03-01 | CVE-2021-25829 | Unspecified vulnerability in Onlyoffice Document Server An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. | 7.5 |
| 2021-01-26 | CVE-2021-3199 | Path Traversal vulnerability in Onlyoffice Document Server Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. | 9.8 |
| 2020-04-15 | CVE-2020-11537 | SQL Injection vulnerability in Onlyoffice Document Server 5.5.0 A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. | 9.8 |
| 2020-04-15 | CVE-2020-11536 | Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0 An issue was discovered in ONLYOFFICE Document Server 5.5.0. | 9.8 |
| 2020-04-15 | CVE-2020-11535 | XML Injection (aka Blind XPath Injection) vulnerability in Onlyoffice Document Server 5.5.0 An issue was discovered in ONLYOFFICE Document Server 5.5.0. | 9.8 |
| 2020-04-15 | CVE-2020-11534 | Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0 An issue was discovered in ONLYOFFICE Document Server 5.5.0. | 9.8 |