CVE-2025-5301 | OnlyOffice Docs up to 8.3.1 WOPI Protocol cross site scripting

Inserito da Angelo Barbosa | Giu 12, 2025 | CVE

A vulnerability was found in OnlyOffice Docs up to 8.3.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component WOPI Protocol Handler. The manipulation leads to cross site scripting.

This vulnerability is known as CVE-2025-5301. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-5301 | OnlyOffice Docs up to 8.3.1 WOPI Protocol cross site scripting

Post correlati

CVE-2024-10926 | IBPhoenix ibWebAdmin up to 1.0.2 Tabelas Section /toggle_fold_panel.php cross site scripting

CVE-2024-41868 | Adobe Audition up to 23.6.6/24.4.1 out-of-bounds (apsb24-54)

CVE-2024-39125 | Roundup up to 2.3.x HTTP Referer Header cross site scripting

CVE-2024-53156 | Linux Kernel up to 6.12.1 ath9k htc_hst.c htc_connect_service array index