CVE-2022-24229

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
2
PROJECTS

Description

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.

ONLYOFFICE/DocumentServer
ONLYOFFICE/DocumentServer
ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
GitHubGitHub
6.58K
ONLYOFFICE/document-server-integration
ONLYOFFICE/document-server-integration
Examples on how to integrate ONLYOFFICE Document Server into your own website or application
GitHubGitHub
215