CVE-2022-24229

CVE-2022-24229

EPSS 1.8%

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/ONLYOFFICE/DocumentServer https://github.com/ONLYOFFICE/document-server-integration/issues/252 https://www.onlyoffice.com/