Security Advisory

CVE-2025-5301

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-12 07:59:05

Last updated 2025-06-18 04:08:26

Assigner SEC-VLab

State PUBLISHED

Description

ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the servers HTML response.

← Browse all CVEs View on cve.org ↗