Onlyoffice: >> Onlyoffice Security Vulnerabilities
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-09-09
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
CVSS Score
9.8
EPSS Score
0.124
Published
2023-06-22