Arbitrary Code Execution Vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2

Arbitrary Code Execution Vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2

CVE-2023-30187 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

Learn more about our Cis Benchmark Audit For Microsoft Office.