AI Score
Confidence
High
EPSS
Percentile
35.4%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
[
{
"cpes": [
"cpe:2.3:a:onlyoffice:docs:*:*:*:*:*:*:*:*"
],
"vendor": "onlyoffice",
"product": "docs",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "8.0.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]