CVE-2021-40864

Name of the Vulnerable Software and Affected Versions ONLYOFFICE Document Server Translate plugin versions 6.1.x through 6.3.x before 6.3.0.72

Description The issue is related to the lack of escape calls for the msg.data and text fields in the Translate plugin. This could potentially lead to security issues, although specific details about exploitation or affected devices are not provided.

Recommendations For versions 6.1.x through 6.3.x before 6.3.0.72, update to version 6.3.0.72 or later to resolve the issue. At the moment, there is no information about other mitigation measures for this specific issue.