CVE-2025-68936

Publication date

2025-12-25 20:07:55

Family

mitre

State

PUBLISHED

Description

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.