CVE-2025-5301
Published: 2025-06-12
Priority: P348 · Severity: medium · CVSS 3.1 base score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: yes (Nuclei template indexed below)
EPSS: 34.86% (98.2th percentile)
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.
Affected (1 range):
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| onlyoffice | docs | — | — |
No detection rules found.
Nuclei template: CVE-2025-5301 [MEDIUM] ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting (CVSS 6.1)
```yaml
ONLYOFFICE Docs (DocumentServer) alert(document.domain) HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "{\"dchat\":", "alert(document.domain)")'
        condition: and
# digest: 4a0a00473045022100eba4520e5ea4035a159aeaa06b0ff54314c67f5b747cd8469ad490776ad7646602206e912ed5216548eb6db38dd6d033602bab210cecec309e07baab47d9beec75db:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.