← Back

Onlyoffice

onlyoffice

Vendor: Onlyoffice • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-44085
1Onlyoffice
1Onlyoffice
Jul 3, 2025
Sep 9, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of a...Show more
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.Show less
CVE-2023-34939
1Onlyoffice
1Onlyoffice
Nov 21, 2024
Jun 22, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.