A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0 and classified as problematic. It affects an unknown function of the file /Products/Projects/Messages.aspx in the Comment Handler component. Manipulation can lead to cross-site scripting.

This vulnerability is identified as CVE-2025-10255. The attack may be launched remotely, and an exploit is available.

The vendor was informed early about this issue and replied: “We are already working on this case, and the issues will be resolved in one of the upcoming patches.”