CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-44085

ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.6%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.onlyoffice.com/
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-027.txt
https://www.syss.de/pentest-blog/cross-site-scripting-schwachstelle-in-onlyoffice-docs-syss-2023-027

Products affected by CVE-2024-44085

Onlyoffice » Onlyoffice » Version: Any

cpe:2.3:a:onlyoffice:onlyoffice:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-44085

Products

Pricing

Contact Us