Onlyoffice: Security Vulnerabilities
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-01-23
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used.
CVSS Score
6.1
EPSS Score
0.058
Published
2023-01-23
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-01-23
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-01-23
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document.
CVSS Score
8.1
EPSS Score
0.013
Published
2023-01-23
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
CVSS Score
9.8
EPSS Score
0.162
Published
2022-06-02
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
CVSS Score
9.8
EPSS Score
0.162
Published
2022-06-02
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-04-08
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-09-10
An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server.
CVSS Score
7.5
EPSS Score
0.022
Published
2021-03-01