GHSA-r5fg-8fjv-3w9h

Published: 12 Jun 2025
Source: github
Github: Not reviewed
CVSS3: 6.1

Description

ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.

EPSS

Percentile: 90%
0.05349
Low

6.1 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
8 months ago

ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.

CVSS3: 6.1
fstec
12 months ago

A vulnerability in the WOPI protocol implementation of the ONLYOFFICE Docs (DocumentServer) online office suite that allows an attacker to conduct cross-site scripting attacks
