Iain Wallace

**Name of the Vulnerable Software and Affected Versions** ONLYOFFICE all versions as of 2021-11-08 **Description** The issue allows for Server-Side Request Forgery (SSRF), where the document editor service can be exploited to read and serve arbitrary URLs as a document. **Recommendations** For all versions as of 2021-11-08, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ONLYOFFICE versions prior to the version released after 2021-11-08 **Description** The issue concerns a Cross Site Scripting (XSS) problem. The "macros" feature of the document editor in ONLYOFFICE allows malicious cross site scripting payloads to be used. **Recommendations** For versions prior to the version released after 2021-11-08, consider disabling the "macros" feature of the document editor until a patch is available. Restrict access to the document editor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ONLYOFFICE all versions as of 2021-11-08 **Description** The issue is related to Incorrect Access Control, specifically an authentication bypass in the document editor. This allows attackers to edit documents without proper authentication. **Recommendations** For all versions as of 2021-11-08, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ONLYOFFICE all versions as of 2021-11-08 **Description** The issue is related to Improper Input Validation, which can be exploited if the document id is known, allowing an attacker to spoof user names who interact with a document. **Recommendations** For all versions as of 2021-11-08, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ONLYOFFICE all versions as of 2021-11-08 **Description** The issue is related to Incorrect Access Control, allowing an attacker to authenticate with the web socket service of the ONLYOFFICE document editor. This service is protected by JWT auth, but an attacker can use a default JWT signing key to gain access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ONLYOFFICE versions prior to 2021-11-08 **Description** Incorrect access control allows signed document download URLs to be forged because of a weak default URL signing key. Additionally, an unauthenticated WebSocket allows for document downloads, macro injection, and Server-Side Request Forgery (SSRF), which is a technique where an attacker forces a server to make requests to an unintended location. This is facilitated by a default JSON Web Token (JWT) key set to `secret`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** custom-content-type-manager Wordpress plugin (affected versions not specified) **Description** The issue is related to incorrect code generation management in the custom-content-type-manager plugin for WordPress. It allows a remote attacker to execute arbitrary PHP code. This can be achieved by an administrator, enabling arbitrary remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpWhois (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code via a crafted whois record. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.