Onlyoffice: community verdicts
3 notable / known-exploited Onlyoffice CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Onlyoffice CVE, see NVD ↗.
- CVE-2023-30187CRIT 9.8Real · low riskEPSS 2%
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
- CVE-2023-30186CRIT 9.8Real · low riskEPSS 2%
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
- CVE-2023-30188HIGH 7.5Real · low riskEPSS 2%
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.