Onlyoffice: >> Document Server >> 3.0.0 Security Vulnerabilities
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-12-25
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-12-25
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-09-09
ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-03-19
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
CVSS Score
9.8
EPSS Score
0.162
Published
2022-06-02
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
CVSS Score
9.8
EPSS Score
0.162
Published
2022-06-02
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-04-08
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.
CVSS Score
9.8
EPSS Score
0.068
Published
2021-01-26