Onlyoffice

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-68936 1Onlyoffice 1Document Server Jan 2, 2026 Dec 25, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
CVE-2025-68935 1Onlyoffice 1Document Server Jan 2, 2026 Dec 25, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
CVE-2023-46988 1Onlyoffice 1Document Server Oct 1, 2025 Apr 1, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized acc...Show more Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS).Show less
CVE-2024-44085 1Onlyoffice 1Onlyoffice Jul 3, 2025 Sep 9, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of a...Show more ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.Show less
CVE-2023-50883 1Onlyoffice 1Document Server Sep 20, 2024 Sep 9, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: t...Show more ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.Show less
CVE-2023-30188 1Onlyoffice 1Document Server Nov 21, 2024 Aug 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
CVE-2023-30187 1Onlyoffice 1Document Server Nov 21, 2024 Aug 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVE-2023-30186 1Onlyoffice 1Document Server Nov 21, 2024 Aug 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVE-2023-34939 1Onlyoffice 1Onlyoffice Nov 21, 2024 Jun 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
CVE-2022-48422 1Onlyoffice 1Document Server Feb 27, 2025 Mar 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE docume...Show more ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.Show less
CVE-2022-47412 1Onlyoffice 1Workspace Mar 25, 2025 Feb 7, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition.
CVE-2021-43449 1Onlyoffice 1Server Apr 2, 2025 Jan 23, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document.
CVE-2021-43448 1Onlyoffice 1Server Apr 2, 2025 Jan 23, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known.
CVE-2021-43447 1Onlyoffice 1Server Apr 2, 2025 Jan 23, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication.
CVE-2021-43446 1Onlyoffice 1Server Apr 2, 2025 Jan 23, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used.
CVE-2021-43445 1Onlyoffice 1Server Apr 2, 2025 Jan 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a defau...Show more ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.Show less
CVE-2021-43444 1Onlyoffice 1Server Apr 2, 2025 Jan 23, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key.
CVE-2022-29777 1Onlyoffice 2Core Document Server Nov 21, 2024 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
CVE-2022-29776 1Onlyoffice 2Core Document Server Nov 21, 2024 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
CVE-2022-24229 1Onlyoffice 1Document Server Nov 21, 2024 Apr 8, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.

12 Next