ONLYOFFICE Document Server (ONLYOFFICE Docs) 7.1.0

CPE Details

ONLYOFFICE Document Server (ONLYOFFICE Docs) 7.1.0
onlyoffice
document_server
7.1.0
2024-10-02
18h07 +00:00
2024-10-02
18h07 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:onlyoffice:document_server:7.1.0:*:*:*:*:*:*:*

Informations

Vendor

onlyoffice

Product

document_server

Version

7.1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-50883 2024-09-08 22h00 +00:00 ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
6.1
Medium
CVE-2023-30186 2023-08-13 22h00 +00:00 A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
9.8
Critical
CVE-2023-30187 2023-08-13 22h00 +00:00 An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
9.8
Critical
CVE-2023-30188 2023-08-13 22h00 +00:00 Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
7.5
High
CVE-2022-48422 2023-03-19 00h00 +00:00 ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.
7.8
High