Onlyoffice: >> Document Server >> 4.0.0-9 Security Vulnerabilities
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-09-09
ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-03-19
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
CVSS Score
9.8
EPSS Score
0.175
Published
2022-06-02
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
CVSS Score
9.8
EPSS Score
0.175
Published
2022-06-02
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-04-08
An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server.
CVSS Score
7.5
EPSS Score
0.022
Published
2021-03-01
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer.
CVSS Score
9.8
EPSS Score
0.036
Published
2021-03-01
A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer.
CVSS Score
9.8
EPSS Score
0.083
Published
2021-03-01
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.
CVSS Score
9.8
EPSS Score
0.068
Published
2021-01-26