Vulnerability — CVE-2021-43446

CVE-2021-43446

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-43446
Description:: ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used.
Last updated date:: 01/31/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/31/2023
Reference url to background: https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/