Cross-Site Scripting (XSS) Vulnerability in ONLYOFFICE Document Editor's Macros Feature

CVE-2021-43446 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used.

Learn more about our Cis Benchmark Audit For Microsoft Office.