Filtered by vendor Onlyoffice
Subscriptions
Filtered by product Docs
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50883 | 1 Onlyoffice | 2 Docs, Document Server | 2024-09-20 | 6.1 Medium |
| ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446. | ||||
| CVE-2024-44085 | 1 Onlyoffice | 1 Docs | 2024-09-10 | 6.1 Medium |
| ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. | ||||
Page 1 of 1.