Количество 3
Количество 3
CVE-2025-5301
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.
GHSA-r5fg-8fjv-3w9h
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.
BDU:2025-06823
Уязвимость реализации протокола WOPI офисного онлайн-пакета ONLYOFFICE Docs (DocumentServer), позволяющая нарушителю проводить межсайтовые сценарные атаки
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-5301 ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response. | CVSS3: 6.1 | 5% Низкий | 8 месяцев назад |
| GHSA-r5fg-8fjv-3w9h ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response. | CVSS3: 6.1 | 5% Низкий | 8 месяцев назад |
 | BDU:2025-06823 Уязвимость реализации протокола WOPI офисного онлайн-пакета ONLYOFFICE Docs (DocumentServer), позволяющая нарушителю проводить межсайтовые сценарные атаки | CVSS3: 6.1 | 5% Низкий | 12 месяцев назад |
Уязвимостей на страницу