Lucene search
MitreVULNRICHMENT:CVE-2023-50883HistorySep 09, 2024 - 12:00 a.m.
CVE-2023-50883
2024-09-0900:00:00
mitre
github.com
3
onlyoffice
docs
xss
vulnerability
macro
sandbox
escape
constructor
function object
incorrect fix
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
35.4%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:onlyoffice:docs:*:*:*:*:*:*:*:*"
],
"vendor": "onlyoffice",
"product": "docs",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "8.0.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
nvd
nvd
osv
osv
CVE-2023-50883
2024-09-09 20:15:03
CVE-2021-43446
2023-01-23 15:15:13
cvelist
cvelist
cve
cve
vulnrichment
vulnrichment
CVE-2024-44085
2024-09-09 00:00:00
prion
prion
Cross site scripting
2023-01-23 15:15:00
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
35.4%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2023-50883