Vulnerabilidades em onlyoffice
8 resultadosCVE-2025-5301MEDIUMReflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)EPSS 34.9%CVE-2025-6380CRITICALONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback FunctionEPSS 0.7%CVE-2022-47412MEDIUMONLYOFFICE Workspace Search Stored XSSEPSS 0.6%CVE-2024-11750MEDIUMONLYOFFICE DocSpace <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-11450MEDIUMONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-68935MEDIUMONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.EPSS 0.2%CVE-2025-68936MEDIUMONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.EPSS 0.2%CVE-2025-68917MEDIUMONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.EPSS 0.2%