Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.
Selected category
11 Dec 2024
Business and Enterprise Solutions
ONLYOFFICE Docs Plugin: Stored Cross-Site Scripting Vulnerability
In ONLYOFFICE Docs Plugin for WordPress versions up to and including 2.0.0 a medium severity vulnerability CVE-2024-11450 was detected. This vulnerability allows attackers with contributor-level access or higher to inject arbitrary web scripts into pages via the ‘onlyoffice’ shortcode. These scripts execute whenever a user accesses an injected page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11450.
Read more Productivity