Filtered by vendor Onlyoffice Subscriptions
Total 28 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-47412 1 Onlyoffice 1 Workspace 2024-08-03 5.4 Medium
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition.
CVE-2022-29776 1 Onlyoffice 2 Core, Document Server 2024-08-03 9.8 Critical
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
CVE-2022-29777 1 Onlyoffice 2 Core, Document Server 2024-08-03 9.8 Critical
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
CVE-2022-24229 1 Onlyoffice 1 Document Server 2024-08-03 6.1 Medium
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
CVE-2023-34939 1 Onlyoffice 1 Onlyoffice 2024-08-02 9.8 Critical
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
CVE-2023-30187 1 Onlyoffice 1 Document Server 2024-08-02 9.8 Critical
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVE-2023-30186 1 Onlyoffice 1 Document Server 2024-08-02 9.8 Critical
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVE-2023-30188 1 Onlyoffice 1 Document Server 2024-08-02 7.5 High
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.