Classification: TLP:GREEN

Internal reference: documents/office-web#97
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: office
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite office 8.35.1513817, OX App Suite office 8.39.1565928, OX App Suite office 8.40.1565934, OX App Suite office 8.41.1523927
First fixed revision: OX App Suite office 8.35.1513818, OX App Suite office 8.39.1565929, OX App Suite office 8.40.1565935, OX App Suite office 8.41.1523928
Discovery date: 2025-07-14
Solution date: 2025-08-05
Disclosure date: 2025-09-24
CVE: CVE-2025-30190
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Details: XSS using unescaped user IDs in OX Documents. Malicious content in office documents can be used to inject script code when a user edits the document.
Risk: Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. No publicly available exploits are known.
Solution: Please deploy the provided updates and patch releases.

---

Internal reference: appsuite/platform/core#357
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 8.35.110, OX App Suite backend 8.39.85, OX App Suite backend 8.40.73, OX App Suite backend 8.41.50
First fixed revision: OX App Suite backend 8.35.111, OX App Suite backend 8.39.86, OX App Suite backend 8.40.74, OX App Suite backend 8.41.51
Discovery date: 2025-08-05
Solution date: 2025-08-05
Disclosure date: 2025-09-24
CVE: CVE-2025-59025
CVSS: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Details: XSS through a sanitizer bypass for CSS elements. Malicious e-mail content can be used to execute script code.
Risk: Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. No publicly available exploits are known.
Solution: Sanitization has been updated to avoid such bypasses.

---

Internal reference: appsuite/platform/core#361
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 8.35.110, OX App Suite backend 8.39.85, OX App Suite backend 8.40.73, OX App Suite backend 8.41.67
First fixed revision: OX App Suite backend 8.35.111, OX App Suite backend 8.39.86, OX App Suite backend 8.40.74, OX App Suite backend 8.41.68
Discovery date: 2025-07-03
Solution date: 2025-08-12
Disclosure date: 2025-09-24
CVE: CVE-2025-59026
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Details: XSS based on file type confusion in download sanitization. Malicious content uploaded as a file can be used to execute script code when a user follows attacker-controlled links.
Risk: Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. No publicly available exploits are known.
Solution: Please deploy the provided updates and patch releases.

---

Internal reference: appsuite/platform/core#379
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 8.35.107, OX App Suite backend 8.38.89, OX App Suite backend 8.39.83, OX App Suite backend 8.40.68, OX App Suite backend 8.41.60
First fixed revision: OX App Suite backend 8.35.108, OX App Suite backend 8.38.90, OX App Suite backend 8.39.84, OX App Suite backend 8.40.69, OX App Suite backend 8.41.61
Discovery date: 2025-08-26
Solution date: 2025-09-16
Disclosure date: 2025-09-24
CVE: CVE-2025-30186
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Details: XSS based on HTML extensions in download sanitization. Malicious content uploaded as a file can be used to execute script code when a user follows attacker-controlled links.
Risk: Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. No publicly available exploits are known.
Solution: Please deploy the provided updates and patch releases.