Filtered by vendor Onlyoffice
Total: 28 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2022-47412 | 1 Onlyoffice | 1 Workspace | 2024-08-03 | 5.4 Medium | Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition. |
CVE-2022-29776 | 1 Onlyoffice | 2 Core, Document Server | 2024-08-03 | 9.8 Critical | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. |
CVE-2022-29777 | 1 Onlyoffice | 2 Core, Document Server | 2024-08-03 | 9.8 Critical | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. |
CVE-2022-24229 | 1 Onlyoffice | 1 Document Server | 2024-08-03 | 6.1 Medium | A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor. |
CVE-2023-34939 | 1 Onlyoffice | 1 Onlyoffice | 2024-08-02 | 9.8 Critical | Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. |
CVE-2023-30187 | 1 Onlyoffice | 1 Document Server | 2024-08-02 | 9.8 Critical | An out-of-bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via a crafted JavaScript file. |
CVE-2023-30186 | 1 Onlyoffice | 1 Document Server | 2024-08-02 | 9.8 Critical | A use-after-free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via a crafted JavaScript file. |
CVE-2023-30188 | 1 Onlyoffice | 1 Document Server | 2024-08-02 | 7.5 High | A memory exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via a crafted JavaScript file. |