Browse all 8 CVE security advisories affecting ONLYOFFICE. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2025-68936 | ONLYOFFICE Docs 跨站脚本漏洞 — Document ServerCWE-79 | 6.4 | Medium | 2025-12-25 |
| CVE-2025-68935 | ONLYOFFICE Docs 跨站脚本漏洞 — Document ServerCWE-79 | 6.4 | Medium | 2025-12-25 |
| CVE-2025-68917 | ONLYOFFICE Docs 跨站脚本漏洞 — Document ServerCWE-79 | 6.4 | Medium | 2025-12-24 |
| CVE-2025-6380 | ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function — ONLYOFFICE DocsCWE-862 | 9.8 | Critical | 2025-07-24 |
| CVE-2025-5301 | Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) — Docs (DocumentServer)CWE-79 | 6.1AI | MediumAI | 2025-06-12 |
| CVE-2024-11750 | ONLYOFFICE DocSpace <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — ONLYOFFICE DocSpaceCWE-79 | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11450 | ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — ONLYOFFICE DocsCWE-79 | 6.4 | Medium | 2024-12-06 |
| CVE-2022-47412 | ONLYOFFICE Workspace Search Stored XSS — WorkspaceCWE-79 | 5.4 | - | 2023-02-07 |
This page lists every published CVE security advisory associated with ONLYOFFICE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.