ONLYOFFICE / Р7-Офис Cross-Site Scripting Scanner
Detects a Cross-Site Scripting (XSS) vulnerability in ONLYOFFICE / Р7-Офис that affects versions prior to 12.5.2.
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 27 days 2 hours
Scan only one: URL
Toolbox: -
ONLYOFFICE / Р7-Офис is an enterprise-level office server used worldwide by organizations to streamline their document management processes. It is an all-encompassing suite providing applications for text, spreadsheet, and presentation editing, often integrated into intranet systems for improved employee collaboration. The software supports a wide range of file formats making it versatile and user-friendly. Enterprises prefer ONLYOFFICE / Р7-Офис as it can be tailored to meet specific needs and administrative controls. Its web-based architecture provides accessibility from any device connected to the network. As a tool critical for businesses, ensuring its security is of utmost importance.
Cross-Site Scripting (XSS) is a vulnerability type found in web applications allowing attackers to inject malicious script into webpages viewed by others. In the case of ONLYOFFICE / Р7-Офис, versions prior to 12.5.2 are vulnerable to reflected XSS attacks. An attacker can craft a URL that includes a script, which when clicked by a user, executes the script in the context of the user's session. This can lead to unauthorized actions being taken on behalf of the victim. XSS vulnerabilities are common in web applications with insufficient input validation. They can be exploited by crafting scripts that steal cookies or session tokens, increasing chances of unauthorized access.
This vulnerability occurs in the application's web interface. The vulnerable endpoint is '/Products/Files/HttpHandlers/filehandler.ashx' with the 'action=thumb&fileid' parameter. The parameter does not properly sanitize input, allowing script injection attacks.
If exploited, this vulnerability can lead to unauthorized script execution in a user's session context, resulting in possible data theft or unauthorized actions. Attackers may be able to manipulate DOM elements, redirect users to phishing sites and, more severely, steal cookies or session identifiers from users. Any escalated privileges an attacker gains can be leveraged to compromise more secure parts of the web application. It is important to address this vulnerability swiftly to prevent exploitation by knowledgeable attackers. Further, exploitation of this vulnerability can damage users' trust in the application and its integrity.
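For asset owners who want to check web server logs for probing of the endpoint named above, the following is an added example, not code from the scanner or from ONLYOFFICE / Р7-Офис. It assumes a common/combined-format access log and that legitimate 'fileid' values are short identifiers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameters as named on this page (compared case-insensitively).
HANDLER = "/products/files/httphandlers/filehandler.ashx"
# Assumption: legitimate fileid values are short identifiers.
SAFE_FILEID = re.compile(r"[A-Za-z0-9_.\-]{1,128}")
# Assumption: common/combined log format with the request line in quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /Products/Files/HttpHandlers/filehandler.ashx?action=thumb&fileid=1234 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /Products/Files/HttpHandlers/filehandler.ashx?action=thumb&fileid=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 90',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /products/files/httphandlers/filehandler.ashx?action=Thumb&fileid=%253Cb%253E HTTP/1.1" 200 90',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /other.ashx?action=thumb&fileid=%3Cb%3E HTTP/1.1" 404 0',
]


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %253C is seen as '<'."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def flag_suspicious_requests(log_lines):
    """Return (line_number, decoded_fileid) for thumb requests to the handler
    whose fileid falls outside the identifier allow-list."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.lower() != HANDLER:
            continue
        params = [(k.lower(), v) for k, v in parse_qsl(url.query)]
        if not any(k == "action" and v.lower() == "thumb" for k, v in params):
            continue
        for key, value in params:
            if key == "fileid":
                fileid = fully_decode(value)
                if not SAFE_FILEID.fullmatch(fileid):
                    hits.append((number, fileid))
    return hits


for hit in flag_suspicious_requests(SAMPLE_LOG):
    print(hit)
```

A hit shows that the endpoint was probed with a non-identifier value, not that the script ran in a browser; on versions prior to 12.5.2, treat hits as a reason to prioritise the upgrade.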