Onlyoffice · Onlyoffice Document Server Translate Plugin · CVE-2021-40864
**Name of the Vulnerable Software and Affected Versions**
ONLYOFFICE Document Server Translate plugin versions 6.1.x through 6.3.x before 6.3.0.72
**Description**
The issue is related to the lack of escape calls for the `msg.data` and `text` fields in the Translate plugin. This could potentially lead to security issues, although specific details about exploitation or affected devices are not provided.
**Recommendations**
For versions 6.1.x through 6.3.x before 6.3.0.72, update to version 6.3.0.72 or later to resolve the issue.
At the moment, there is no information about other mitigation measures for this specific issue.