CVE-2022-47412

Name of the Vulnerable Software and Affected Versions ONLYOFFICE Workspace DMS (affected versions not specified) Mayan EDMS DMS (affected versions not specified)

Description The issue is related to a stored cross-site scripting (XSS) condition. This occurs when a malicious document provided by an attacker is used, allowing for potential exploitation. The vulnerability exists due to insufficient encryption of user-input data. Successful exploitation can enable an attacker to perform cross-site scripting attacks. There is also mention of an XSS vulnerability in the Mayan EDMS DMS, specifically observed in the in-product tagging system.

Recommendations For ONLYOFFICE Workspace DMS, consider disabling the handling of malicious documents until a patch is available. For Mayan EDMS DMS, restrict access to the in-product tagging system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.