CNNVD-202509-1648 Information
Sep 11, 2025
cve
CNNVD ID
CNNVD-202509-1648
Related CVE
- CNNVD Published: 2025-09-11
Description (Chinese)
Ascensio System ONLYOFFICE是拉脱维亚Ascensio System公司的一款办公软件。 Ascensio System ONLYOFFICE 12.7.0及之前版本存在安全漏洞,该漏洞源于对文件/Products/Projects/Messages.aspx中组件Comment Handler的错误操作,可能导致跨站脚本攻击。
Description (English)
Ascensio System ONLYOFFICE is an office software for the Latvian company Ascensio System. Ascensio System ONLYOFFICE 12.7.0 and previous versions had a security loophole, which stemmed from an error in the operation of component Comment Handler of document/Producs/Projects/Messages.aspx, which could result in a cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Ascertia
Published
2025-09-11
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.323615 https://vuldb.com/?id.323615 https://vuldb.com/?submit.635871 https://hkohi.ca/vulnerability/21 https://access.redhat.com/security/cve/cve-2025-10255
Share on: