Onlyoffice Document Server vulnerabilities
22 known vulnerabilities affecting onlyoffice/document_server.
Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH3MEDIUM6
Vulnerabilities
Page 2 of 2
CVE-2025-68936P4MEDIUMCVSS 6.1fixed in 9.2.12025-12-25
CVE-2025-68936 [MEDIUM] CWE-79 CVE-2025-68936: ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
nvd
CVE-2025-68935P4MEDIUMCVSS 6.1fixed in 9.2.12025-12-25
CVE-2025-68935 [MEDIUM] CWE-79 CVE-2025-68935: ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window.
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
nvd
← Previous2 / 2