Onlyoffice Document Server
3 CVEs affecting Onlyoffice Document Server. Latest disclosed: 2025-12-25. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-68936 | Medium | 6.4 | 2025-12-25 | ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer. |
| CVE-2025-68935 | Medium | 6.4 | 2025-12-25 | ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer. |
| CVE-2025-68917 | Medium | 6.4 | 2025-12-24 | ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer. |