CNNVD-202506-1651 Information
CNNVD ID
CNNVD-202506-1651
Related CVE
- CNNVD Published: 2025-06-12
Description (Chinese)
ONLYOFFICE Docs是ONLYOFFICE公司的一款在线办公软件。 ONLYOFFICE Docs 8.3.1及之前版本存在跨站脚本漏洞,该漏洞源于通过WOPI协议打开文件时存在反射型跨站脚本,可能导致执行恶意脚本。
Description (English)
ONLYOFICE Docs is an online office software for ONLYOFFICE. ONLYFOFFICE Docs 8.3.1 and previous versions had a cross-site script loophole, which stemmed from the reflection-type cross-site script that could result in the execution of malicious scripts when documents were opened through the WOPI protocol.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
ONLYOFFICE
Published
2025-06-12
Last Modified
2026-02-24
References
https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-onlyoffice-docs-documentserver/ https://r.sec-consult.com/onlyoffice https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#832 https://nvd.nist.gov/vuln/detail/CVE-2025-5301
Patch
https://github.com/ONLYOFFICE/DocumentServer/releases
Share on: