cve/CVE-2024-44085.md at 93476d6c370e261fdc1b2b03a08066de45e4892d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08

2025-09-29 16:08:36 +00:00

Description

ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.

POC

Reference

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-027.txt

Github

No PoCs found on GitHub currently.

779 B Raw Blame History

CVE-2024-44085

Description

POC

Reference

Github

779 B

Raw Blame History