Описание
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
Ссылки
- Product
- ExploitThird Party Advisory
- https://www.syss.de/pentest-blog/cross-site-scripting-schwachstelle-in-onlyoffice-docs-syss-2023-027Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.0.1 (исключая)
cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00186
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 1 года назад
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
EPSS
Процентиль: 40%
0.00186
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79