📦 Document Server
by Onlyoffice
⚠️ Known Vulnerabilities
CVE-2023-30187 is a critical out-of-bounds memory access vulnerability in ONLYOFFICE DocumentServer that allows remote attackers to execute arbitrary code via crafted JavaScript files. This affects or...
CVE-2022-29776 is a critical stack overflow vulnerability in ONLYOFFICE Document Server and Core that allows remote code execution by sending specially crafted files. Attackers can exploit this to exe...
CVE-2021-25830 is a critical remote code execution vulnerability in ONLYOFFICE DocumentServer. Attackers can exploit improper file extension handling during DOCT to DOCX conversion to execute arbitrar...
A heap buffer overflow vulnerability in BMP image processing within ONLYOFFICE DocumentServer allows remote code execution. Attackers can exploit this by uploading malicious BMP files to achieve full ...
CVE-2021-3199 is a critical directory traversal vulnerability in ONLYOFFICE Document Server that allows authenticated attackers to upload malicious files to arbitrary locations via the /upload endpoin...
This vulnerability allows local users on Linux systems to escalate privileges by placing a malicious libgcc_s.so.1 library in a directory where ONLYOFFICE Docs is executed. The application loads this ...
CVE-2021-25829 is an improper binary stream data handling vulnerability in ONLYOFFICE DocumentServer that allows attackers to cause denial of service by sending specially crafted documents. This affec...
CVE-2025-68935 is a cross-site scripting (XSS) vulnerability in ONLYOFFICE Docs DocumentServer that allows attackers to inject malicious scripts via the Font field in Multilevel list settings. This af...
This vulnerability allows cross-site scripting (XSS) attacks through the Color theme name feature in ONLYOFFICE Docs. Attackers can inject malicious scripts that execute in users' browsers when they i...
A path traversal vulnerability in ONLYOFFICE Document Server allows remote attackers to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint. This can lead to una...