216.73.217.64

CVE-2025-5301

· Published 12/06/2025 08:15 · Modified 12/06/2025 16:06

Labels: CVE-2025-5301 2025-06-12551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2025-5301CWE-79

Essential information

Published
12/06/2025 08:15
Modified
12/06/2025 16:06
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD
View on NVD

Affected products (CPE)

ProductCPE
onlyoffice / docs cpe:2.3:a:onlyoffice:docs:*:<8.3.1:*:*:*:*:*:*

References