CVE-2025-68935

MED 6.4

Published

2025-12-25

Last Modified

2026-01-02

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.

Affected Applications in Environment 1

Affected Devices 1

References 1