Unrated severityOSV Advisory· Published Dec 25, 2025· Updated Dec 26, 2025
CVE-2025-68935
CVE-2025-68935
Description
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: ONLYOFFICE-DocumentServer-3.0.0, ONLYOFFICE-DocumentServer-4.0.0-9, ONLYOFFICE-DocumentServer-4.0.1-34, …
- Range: <9.2.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.