Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44085 | 1 Onlyoffice | 1 Onlyoffice | 2025-07-03 | N/A | 6.1 MEDIUM |
| ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. | |||||
| CVE-2023-34939 | 1 Onlyoffice | 1 Onlyoffice | 2024-11-21 | N/A | 9.8 CRITICAL |
| Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | |||||