CVE-2021-40864

CVE-2021-40864

EPSS 2.2%

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/ONLYOFFICE/plugin-translator/commit/2206c0179cb97e3b8b290a0ab5719b1f0f54542b https://github.com/ONLYOFFICE/plugin-translator/compare/v6.3.0.71...v6.3.0.72