Filtered by vendor Onlyoffice
Subscriptions
Filtered by product Document Server
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11534 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server. | ||||
| CVE-2023-50883 | 1 Onlyoffice | 2 Docs, Document Server | 2024-09-20 | 6.1 Medium |
| ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446. | ||||