Document Server
cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Onlyoffice (aa7cc050-0dc3-5b16-8f30-50874a0ca7d2) |
|---|---|
| Product | Document Server (98959d25-6982-5419-9a75-714317655e7f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/onlyoffice/documentserver | purl2cpe | 2026-06-01 10:18:00.395255 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-68936 | vulnerable | 2026-06-08 07:41:21.951318 | Details available. MEDIUM (6.4). ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer. Published: 2025-12-25T20:07:55.864Z. Updated: 2025-12-26T14:51:24.365Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-68935 | vulnerable | 2026-06-08 07:41:21.951093 | Details available. MEDIUM (6.4). ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer. Published: 2025-12-25T20:05:48.545Z. Updated: 2025-12-26T14:51:29.788Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-68917 | vulnerable | 2026-06-08 07:41:21.910903 | Details available. MEDIUM (6.4). ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer. Published: 2025-12-24T20:19:25.402Z. Updated: 2025-12-24T20:38:16.538Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-50883 | vulnerable | 2026-06-08 06:16:16.939003 | Details available. ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446. Published: 2024-09-09T00:00:00.000Z. Updated: 2024-09-10T14:24:40.310Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-46988 | vulnerable | 2026-06-08 06:14:23.757482 | Details available. Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS). Published: 2025-04-01T00:00:00.000Z. Updated: 2025-04-15T22:29:50.052Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-30188 | vulnerable | 2026-06-08 06:02:43.884555 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-30187 | vulnerable | 2026-06-08 06:02:43.884070 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-30186 | vulnerable | 2026-06-08 06:02:43.883516 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-48422 | vulnerable | 2026-06-08 05:51:34.485130 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-29777 | vulnerable | 2026-06-08 05:42:48.808123 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-29776 | vulnerable | 2026-06-08 05:42:48.807702 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-24229 | vulnerable | 2026-06-08 05:40:59.754543 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-3199 | vulnerable | 2026-06-08 05:33:51.023555 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25833 | vulnerable | 2026-06-08 05:30:41.593650 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25832 | vulnerable | 2026-06-08 05:30:41.593165 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25831 | vulnerable | 2026-06-08 05:30:41.592770 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25830 | vulnerable | 2026-06-08 05:30:41.592257 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-25829 | vulnerable | 2026-06-08 05:30:41.591767 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |