CVE-2025-68935 – ONLYOFFICE Docs Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-68935

Published : Dec. 25, 2025, 8:05 p.m. | 16 minutes ago

Description : ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-68936 – ONLYOFFICE Docs Cross-Site Scripting Vulnerability

CVE-2025-15085 – youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization

CVE-2025-15084 – youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control

CVE-2025-15083 – TOZED ZLT M30s UART on-chip debug and test interface with improper access control