CVE-2021-43448

2023-01-2300:00:00

mitre

www.cve.org

vulnerability

onlyoffice

input validation

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known.

References

github.com/ONLYOFFICE/server

labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/

www.onlyoffice.com/