Cross site scripting

2023-01-2315:15:00

PRIOn knowledge base

www.prio-n.com

onlyoffice

document editor

cross site scripting

EPSS

0.001

Percentile

34.5%

JSON

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The “macros” feature of the document editor allows malicious cross site scripting payloads to be used.

CPENameOperatorVersion
serverle7.0.0.49

CPE	Name	Operator	Version
	server	le	7.0.0.49

References

github.com/ONLYOFFICE/server

labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/

onlyoffice.com/

EPSS

0.001

Percentile

34.5%

JSON

Related for PRION:CVE-2021-43446