CVE-2025-10255

Ascensio System SIA OnlyOffice Comment Messages.aspx cross site scripting

Description

A vulnerability was determined in Ascensio System SIA OnlyOffice up to 12.7.0. Impacted is an unknown function of the file /Products/Projects/Messages.aspx of the component Comment Handler. Executing manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was informed early about this issue and replied: "We are already working on this case, and the issues will be resolved in one of the upcoming patches."

INFO

Published Date :

2025-09-11T16:02:05.500Z

Last Modified :

2025-09-11T17:31:12.718Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-10255 vulnerability.

Vendors	Products
Onlyoffice	Onlyoffice

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10255.

URL	Resource
https://hkohi.ca/vulnerability/21
https://vuldb.com/?ctiid.323615
https://vuldb.com/?id.323615
https://vuldb.com/?submit.635871

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact