CVE-2021-40864

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
onlyofficegoogle_translate
6.1.0 ≤
𝑥
< 6.3.0.72
𝑥
= Vulnerable software versions
References
https://github.com/ONLYOFFICE/plugin-translator/commit/2206c0179cb97e3b8b290a0ab5719b1f0f54542b
https://github.com/ONLYOFFICE/plugin-translator/compare/v6.3.0.71...v6.3.0.72
https://github.com/ONLYOFFICE/plugin-translator/commit/2206c0179cb97e3b8b290a0ab5719b1f0f54542b
https://github.com/ONLYOFFICE/plugin-translator/compare/v6.3.0.71...v6.3.0.72