Onlyoffice Document_server
21 CVEs affecting Onlyoffice Document_server. Latest disclosed: 2025-12-25. Critical: 13, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-30187 | Critical | 9.8 | 2023-08-14 | An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScr… |
CVE-2023-30186 | Critical | 9.8 | 2023-08-14 | A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. |
CVE-2022-29777 | Critical | 9.8 | 2022-06-02 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/f… |
CVE-2022-29776 | Critical | 9.8 | 2022-06-02 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File… |
CVE-2021-25833 | Critical | 9.8 | 2021-03-01 | A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker… |
CVE-2021-25832 | Critical | 9.8 | 2021-03-01 | A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnera… |
CVE-2021-25831 | Critical | 9.8 | 2021-03-01 | A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted… |
CVE-2021-25830 | Critical | 9.8 | 2021-03-01 | A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the cr… |
CVE-2021-3199 | Critical | 9.8 | 2021-01-26 | Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an imag… |
CVE-2020-11537 | Critical | 9.8 | 2020-04-15 | A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Web… |
CVE-2020-11536 | Critical | 9.8 | 2020-04-15 | An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary a… |
CVE-2020-11535 | Critical | 9.8 | 2020-04-15 | An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-contr… |
CVE-2020-11534 | Critical | 9.8 | 2020-04-15 | An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass pa… |
CVE-2022-48422 | High | 7.8 | 2023-03-19 | ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working direct… |
CVE-2023-30188 | High | 7.5 | 2023-08-14 | Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript f… |
CVE-2021-25829 | High | 7.5 | 2021-03-01 | An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able… |
CVE-2023-46988 | Medium | 6.7 | 2025-04-01 | Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter… |
CVE-2025-68936 | Medium | 6.4 | 2025-12-25 | ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer. |
CVE-2025-68935 | Medium | 6.4 | 2025-12-25 | ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer. |
CVE-2023-50883 | Medium | 6.1 | 2024-09-09 | ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by dir… |