CVE-2025-5301
published 2025-06-12

Priority: P3 | 48 | medium | CVSS 3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 34.86% (98.2th percentile)
ONLYOFFICE Docs (DocumentServer) versions 8.3.1 and below are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.

Affected

1 range
Vendor | Product | Version range | Fixed in
onlyoffice | docs | |