ONLYOFFICE Document Server

CPE Details

ONLYOFFICE Document Server
onlyoffice
document_server
-
2022-04-13
12h40 +00:00
2022-04-20
12h25 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:onlyoffice:document_server:-:*:*:*:*:*:*:*

Informations

Vendor

onlyoffice

Product

document_server

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-50883 2024-09-08 22h00 +00:00 ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
6.1
Medium
CVE-2022-48422 2023-03-19 00h00 +00:00 ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.
7.8
High
CVE-2022-29777 2022-06-01 10h51 +00:00 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
9.8
Critical
CVE-2022-29776 2022-06-01 10h51 +00:00 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
9.8
Critical
CVE-2022-24229 2022-04-08 09h06 +00:00 A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
6.1
Medium
CVE-2021-3199 2021-01-22 01h41 +00:00 Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.
9.8
Critical