Products
ONLYOFFICE Docs
- before 8.1.0
Source
cve@mitre.org
Tags
CVE-2024-44085 details
Published : Sept. 9, 2024, 8:15 p.m.
Last Modified : Sept. 9, 2024, 8:15 p.m.
Last Modified : Sept. 9, 2024, 8:15 p.m.
Description
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://www.onlyoffice.com/ | cve@mitre.org |
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-027.txt | cve@mitre.org |
| https://www.syss.de/pentest-blog/cross-site-scripting-schwachstelle-in-onlyoffice-docs-syss-2023-027 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.