Vulnerability Details CVE-2022-47412
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.9%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#733
- https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/
- https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#733
- https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/
Products affected by CVE-2022-47412
-
cpe:2.3:a:onlyoffice:workspace:*