ONLYOFFICE Docs vulnerable to XSS due to incorrect fix for CVE-2021-43446
CVE-2023-50883

6.1MEDIUM

Key Information:

Vendor: ONLYOFFICE
Status: Document Server
Vendor: CVE Published:; 9 September 2024

What is CVE-2023-50883?

ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.

References

https://www.onlyoffice.com/

https://www.syss.de/fileadmin/dokumente/Publikationen/Adv...

https://www.syss.de/pentest-blog/cross-site-scripting-sch...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2024
Vulnerability Reserved
Dec 15, 2023

JSON