Arbitrary Code Execution Vulnerability in ONLYOFFICE DocumentServer

Arbitrary Code Execution Vulnerability in ONLYOFFICE DocumentServer

CVE-2023-30186 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

Learn more about our Cis Benchmark Audit For Microsoft Office.