CVEs-PoC/2025/CVE-2025-5301.md at 4e4e30233e70832d643d5c6ab6fbfa6f130b4bb1

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-30 04:59:31 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.

POC

Reference

http://seclists.org/fulldisclosure/2025/Jun/18
https://r.sec-consult.com/onlyoffice
https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-onlyoffice-docs-documentserver/

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2025-5301

Description

POC

Reference

Github

1.0 KiB

Raw Blame History