Vulnerabilities > Onlyoffice > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-09 | CVE-2023-50883 | Cross-site Scripting vulnerability in Onlyoffice Document Server ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. | 6.1 |
| 2023-02-07 | CVE-2022-47412 | Cross-site Scripting vulnerability in Onlyoffice Workspace Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition. | 5.4 |
| 2023-01-23 | CVE-2021-43446 | Cross-site Scripting vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2023-01-23 | CVE-2021-43448 | Improper Input Validation vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. | 5.3 |
| 2022-04-08 | CVE-2022-24229 | Cross-site Scripting vulnerability in Onlyoffice Document Server A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor. | 4.3 |