Every CVE whose affected-product data names Onlyoffice Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-43445 — CVSS 9.8 (critical): ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service…
CVE-2021-43449 — CVSS 8.1 (high): ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to…
CVE-2021-43444 — CVSS 7.5 (high): ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak…
CVE-2021-43447 — CVSS 7.5 (high): ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows…
CVE-2021-43446 — CVSS 6.1 (medium): ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows…
CVE-2021-43448 — CVSS 5.3 (medium): ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to…