{"id":"CVE-2025-68917","details":"ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.","modified":"2026-07-15T01:48:54.581490985Z","published":"2025-12-24T20:19:25.402Z","database_specific":{"cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68917.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#921"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68917.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68917"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/onlyoffice/documentserver","events":[{"introduced":"0"},{"fixed":"4aa313fcbd0902d1730a8fd3c482bf3ac10ec88d"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"9.2.1"}],"source":["AFFECTED_FIELD","DESCRIPTION"]}}],"versions":["v9.2.0","v9.1.0","v9.0.4","v9.0.3","v9.0.2","v9.0.0","v8.3.3","v8.3.2","v8.3.1","v8.3.0","v8.2.2","v8.2.1","v8.2.0","v8.1.3","v8.1.1","v8.1.0","v8.0.1","v8.0.0","v7.5.1","v7.5.0","v7.4.1","v7.4.0","v7.3.3","v7.3.2","v7.3.0","v7.2.2","v7.2.1","v7.2.0","v7.1.1","v7.1.0","v7.0.1","v7.0.0","v6.4.2","v6.4.1","v6.4.0","v6.3.2","v6.3.1","v6.3.0","v6.2.2","v6.2.1","v6.2.0","v6.1.1","v6.1.0","ONLYOFFICE-DocumentServer-6.0.2","ONLYOFFICE-DocumentServer-6.0.1","ONLYOFFICE-DocumentServer-6.0.0","ONLYOFFICE-DocumentServer-5.6.5","ONLYOFFICE-DocumentServer-5.6.4","ONLYOFFICE-DocumentServer-5.6.3","ONLYOFFICE-DocumentServer-5.6.2","ONLYOFFICE-DocumentServer-5.6.1","ONLYOFFICE-DocumentServer-5.6.0","ONLYOFFICE-DocumentServer-5.5.3","ONLYOFFICE-DocumentServer-5.5.1","ONLYOFFICE-DocumentServer-5.5.0","ONLYOFFICE-DocumentServer-5.4.2","ONLYOFFICE-DocumentServer-5.4.1","ONLYOFFICE-DocumentServer-5.4.0-2","ONLYOFFICE-DocumentServer-5.3.4","ONLYOFFICE-DocumentServer-5.3.2","ONLYOFFICE-DocumentServer-5.3.1","ONLYOFFICE-DocumentServer-5.3.0","ONLYOFFICE-DocumentServer-5.2.8","ONLYOFFICE-DocumentServer-5.2.7","ONLYOFFICE-DocumentServer-5.2.6","ONLYOFFICE-DocumentServer-5.2.4","ONLYOFFICE-DocumentServer-5.2.3","ONLYOFFICE-DocumentServer-5.2.2","ONLYOFFICE-DocumentServer-5.2.0","ONLYOFFICE-DocumentServer-5.1.5","ONLYOFFICE-DocumentServer-5.1.4","ONLYOFFICE-DocumentServer-5.1.3","ONLYOFFICE-DocumentServer-5.1.2","ONLYOFFICE-DocumentServer-5.1.1","ONLYOFFICE-DocumentServer-5.1.0","ONLYOFFICE-DocumentServer-5.0.7","ONLYOFFICE-DocumentServer-5.0.6","ONLYOFFICE-DocumentServer-5.0.5","ONLYOFFICE-DocumentServer-5.0.4","ONLYOFFICE-DocumentServer-5.0.3","ONLYOFFICE-DocumentServer-4.4.3","ONLYOFFICE-DocumentServer-4.4.2","ONLYOFFICE-DocumentServer-4.4.1","ONLYOFFICE-DocumentServer-4.3.6","ONLYOFFICE-DocumentServer-4.3.5","ONLYOFFICE-DocumentServer-4.3.4","ONLYOFFICE-DocumentServer-4.3.3","ONLYOFFICE-DocumentServer-4.3.2","ONLYOFFICE-DocumentServer-4.3.1","ONLYOFFICE-DocumentServer-4.3.0","ONLYOFFICE-DocumentServer-4.2.11","ONLYOFFICE-DocumentServer-4.2.10","ONLYOFFICE-DocumentServer-4.2.9","ONLYOFFICE-DocumentServer-4.0.0-9","ONLYOFFICE-DocumentServer-4.2.8","ONLYOFFICE-DocumentServer-4.2.7","ONLYOFFICE-DocumentServer-4.2.5","ONLYOFFICE-DocumentServer-4.2.4","ONLYOFFICE-DocumentServer-4.2.3","ONLYOFFICE-DocumentServer-4.2.1","ONLYOFFICE-DocumentServer-4.2.0","ONLYOFFICE-DocumentServer-4.1.8-1","ONLYOFFICE-DocumentServer-4.1.6-3","ONLYOFFICE-DocumentServer-4.1.5-1","ONLYOFFICE-DocumentServer-4.1.4-3","ONLYOFFICE-DocumentServer-4.1.2-37","ONLYOFFICE-DocumentServer-4.0.3-3","ONLYOFFICE-DocumentServer-4.0.2-4","ONLYOFFICE-DocumentServer-4.0.1-34","ONLYOFFICE-DocumentServer-3.0.0","ONLYOFFICE-Online-Editors-2.5.7","ONLYOFFICE-Online-Editors-2.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68917.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}]}