Productivity Archives - Proactive Insights and Support For Open-Source Applications

1 Apr 2025 Business and Enterprise Solutions

Cal.com: Stored XSS Vulnerability Allows Malicious Scripts

In Cal.com versions up to and including 1.0.0 a medium severity vulnerability CVE-2025-31604 was detected. This vulnerability allows attackers to execute stored cross-site scripting (XSS) attacks by improperly neutralizing script-related HTML tags in a web page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-31604.

Read more Productivity

11 Dec 2024 Business and Enterprise Solutions

ONLYOFFICE Docs Plugin: Stored Cross-Site Scripting Vulnerability

In ONLYOFFICE Docs Plugin for WordPress versions up to and including 2.0.0 a medium severity vulnerability CVE-2024-11450 was detected. This vulnerability allows attackers with contributor-level access or higher to inject arbitrary web scripts into pages via the ‘onlyoffice’ shortcode. These scripts execute whenever a user accesses an injected page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11450.