Onlyoffice Document Server

3 CVEs affecting Onlyoffice Document Server. Latest disclosed: 2025-12-25. Critical: 0, High: 0.

Top CVEs affecting Onlyoffice Document Server
CVESeverityScorePublishedSummary
CVE-2025-68936Medium6.42025-12-25ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
CVE-2025-68935Medium6.42025-12-25ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
CVE-2025-68917Medium6.42025-12-24ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.