Arbitrary Code Execution Vulnerability in ONLYOFFICE DocumentServer
CVE-2023-30186 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
Learn more about our Cis Benchmark Audit For Microsoft Office.