CVE-2025-67918

Name of the Vulnerable Software and Affected Versions Woffice versions prior to 5.4.30

Description The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means an attacker could potentially inject malicious scripts into a web page viewed by other users. The vulnerability exists due to insufficient sanitization of user-supplied data used in web page construction.

Recommendations Update Woffice to version 5.4.30 or later.