Unrated severity · OSV Advisory · Published Dec 25, 2025 · Updated Dec 26, 2025
CVE-2025-68935
Description
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
Affected products (1)
- Range: ONLYOFFICE-DocumentServer-3.0.0, ONLYOFFICE-DocumentServer-4.0.0-9, ONLYOFFICE-DocumentServer-4.0.1-34, …
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.