Onlyoffice · Onlyoffice Document Server · CVE-2022-24229
**Name of the Vulnerable Software and Affected Versions**
ONLYOFFICE Document Server Example versions prior to 7.0.0
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML or JavaScript through the "/example/editor" API endpoint. This enables attackers to execute malicious scripts on the client-side.
**Recommendations**
For versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/example/editor" API endpoint to minimize the risk of exploitation.