CVE-2021-40864

CVE-2021-40864

EPSS 2.2%

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/ONLYOFFICE/plugin-translator/commit/2206c0179cb97e3b8b290a0ab5719b1f0f54542b https://github.com/ONLYOFFICE/plugin-translator/compare/v6.3.0.71...v6.3.0.72