CVE-2025-5301 – ONLYOFFICE Docs DocumentServer Reflected Cross-Site Scripting Vulnerability

June 12, 2025

CVE ID : CVE-2025-5301

Published : June 12, 2025, 8:15 a.m. | 1 hour, 43 minutes ago

Description : ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server’s HTML response.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6003 – WordPress Single Sign-On (SSO) Plugin Unauthenticated Sensitive Data Disclosure

Next Article CVE-2025-40592 – Mendix Studio Pro Path Traversal Vulnerability

Highlights

CVE-2025-5633 – Content Management System and News-Buzz SQL Injection Vulnerability

June 5, 2025

CVE ID : CVE-2025-5633

Published : June 5, 2025, 4:15 a.m. | 2 hours, 41 minutes ago

Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-5301 – ONLYOFFICE Docs DocumentServer Reflected Cross-Site Scripting Vulnerability

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network

CVE-2025-3482 – MedDream PACS Server DICOM File Parsing Remote Code Execution Vulnerability

IRS open-sources Direct File tax software amid political and industry pushback – here’s why

CVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

Rilasciato Wine 10.7: Maggiori Prestazioni e Altre Novità

CVE-2025-5633 – Content Management System and News-Buzz SQL Injection Vulnerability

The fastest laptops of 2025: Expert tested and reviewed

Rilasciato Qt 6.9: il framework per interfacce grafiche si aggiorna con prestazioni potenziate e nuovo supporto emoji

PIM for Azure Resources

CVE-2025-5301 – ONLYOFFICE Docs DocumentServer Reflected Cross-Site Scripting Vulnerability

Related Posts