Vulnerabilities > Onlyoffice > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-09 CVE-2023-50883 Cross-site Scripting vulnerability in Onlyoffice Document Server
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object.
network
low complexity
onlyoffice CWE-79
6.1
2023-02-07 CVE-2022-47412 Cross-site Scripting vulnerability in Onlyoffice Workspace
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition.
network
low complexity
onlyoffice CWE-79
5.4
2023-01-23 CVE-2021-43446 Cross-site Scripting vulnerability in Onlyoffice Server 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
onlyoffice CWE-79
6.1
2023-01-23 CVE-2021-43448 Improper Input Validation vulnerability in Onlyoffice Server 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation.
network
high complexity
onlyoffice CWE-20
5.3
2022-04-08 CVE-2022-24229 Cross-site Scripting vulnerability in Onlyoffice Document Server
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
network
low complexity
onlyoffice CWE-79
6.1