Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    14 vulnerabilities by collaboraoffice

    CVE-2024-29182 (GCVE-0-2024-29182)

    Vulnerability from nvd – Published: 2024-04-04 14:48 – Updated: 2024-08-02 01:10
    VLAI
    Title
    Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: >= 23, < 23.05.10.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-05T13:05:10.741135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:57:56.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:10:54.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 23, \u003c 23.05.10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user\u0027s browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-04T14:48:16.705Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398"
            }
          ],
          "source": {
            "advisory": "GHSA-9gmw-5q2c-4398",
            "discovery": "UNKNOWN"
          },
          "title": "Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29182",
        "datePublished": "2024-04-04T14:48:16.705Z",
        "dateReserved": "2024-03-18T17:07:00.092Z",
        "dateUpdated": "2024-08-02T01:10:54.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49788 (GCVE-0-2023-49788)

    Vulnerability from nvd – Published: 2023-12-08 20:02 – Updated: 2024-08-02 22:01
    VLAI
    Title
    Improper handling of browser-side provided input in richdocuments path handling
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    CWE
    • CWE-501 - Trust Boundary Violation
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: < 23.5.602
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:26.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 23.5.602"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client-\u003eserver commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-501",
                  "description": "CWE-501: Trust Boundary Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T20:02:07.086Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j"
            }
          ],
          "source": {
            "advisory": "GHSA-3r69-xvf7-v94j",
            "discovery": "UNKNOWN"
          },
          "title": "Improper handling of browser-side provided input in richdocuments path handling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49788",
        "datePublished": "2023-12-08T20:02:07.086Z",
        "dateReserved": "2023-11-30T13:39:50.862Z",
        "dateUpdated": "2024-08-02T22:01:26.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49782 (GCVE-0-2023-49782)

    Vulnerability from nvd – Published: 2023-12-08 20:04 – Updated: 2024-08-02 22:01
    VLAI
    Title
    Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: < 23.5.601
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr"
              },
              {
                "name": "https://apps.nextcloud.com/apps/richdocumentscode",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://apps.nextcloud.com/apps/richdocumentscode"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 23.5.601"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T20:04:11.692Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr"
            },
            {
              "name": "https://apps.nextcloud.com/apps/richdocumentscode",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://apps.nextcloud.com/apps/richdocumentscode"
            }
          ],
          "source": {
            "advisory": "GHSA-8xm5-pgfr-8mjr",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site-Scripting vulnerability in error message passing in richdocumentscode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49782",
        "datePublished": "2023-12-08T20:04:11.692Z",
        "dateReserved": "2023-11-30T13:39:50.861Z",
        "dateUpdated": "2024-08-02T22:01:25.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48314 (GCVE-0-2023-48314)

    Vulnerability from nvd – Published: 2023-12-01 22:02 – Updated: 2025-06-03 02:18
    VLAI
    Title
    Unescaped passing of the request URL in Collabora Online
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: < 23.5.403
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:23:39.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T02:18:25.105922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T02:18:35.814Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 23.5.403"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-01T22:02:16.596Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2"
            }
          ],
          "source": {
            "advisory": "GHSA-qjrm-q4h5-v3r2",
            "discovery": "UNKNOWN"
          },
          "title": "Unescaped passing of the request URL in Collabora Online"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-48314",
        "datePublished": "2023-12-01T22:02:16.596Z",
        "dateReserved": "2023-11-14T17:41:15.574Z",
        "dateUpdated": "2025-06-03T02:18:35.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34088 (GCVE-0-2023-34088)

    Vulnerability from nvd – Published: 2023-05-31 18:15 – Updated: 2025-01-09 19:51
    VLAI
    Title
    Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface
    Summary
    Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: coolwsd < 22.05.13
    Affected: coolwsd < 21.11.9.1
    Affected: loolwsd < 6.4.27
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:53.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34088",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T19:50:55.893079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T19:51:07.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "coolwsd \u003c 22.05.13"
                },
                {
                  "status": "affected",
                  "version": "coolwsd \u003c 21.11.9.1"
                },
                {
                  "status": "affected",
                  "version": "loolwsd \u003c 6.4.27"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-31T18:15:42.895Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr"
            }
          ],
          "source": {
            "advisory": "GHSA-7582-pwfh-3pwr",
            "discovery": "UNKNOWN"
          },
          "title": "Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-34088",
        "datePublished": "2023-05-31T18:15:42.895Z",
        "dateReserved": "2023-05-25T21:56:51.244Z",
        "dateUpdated": "2025-01-09T19:51:07.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25630 (GCVE-0-2021-25630)

    Vulnerability from nvd – Published: 2021-02-23 15:33 – Updated: 2024-09-16 22:14
    VLAI
    Summary
    "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.
    Severity
    No CVSS data available.
    CWE
    • "loolforkit" privileged program local root exploit
    Assigner
    References
    Impacted products
    Vendor Product Version
    Collabora Productivity Collabora Online Affected: Collabora Online 4.2 , < 4.2.13 (custom)
    Affected: Collabora Online 6.4 , < 6.4.3 (custom)
    Create a notification for this product.
    The Document Foundation LibreOffice Online Affected: unspecified , ≤ 7.0.1.1 (custom)
    Create a notification for this product.
    Date Public
    2021-01-26 00:00
    Credits
    Thanks to Matthias Gerstner (SUSE) for raising the issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/01/18/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Collabora Online",
              "vendor": "Collabora Productivity",
              "versions": [
                {
                  "lessThan": "4.2.13",
                  "status": "affected",
                  "version": "Collabora Online 4.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.3",
                  "status": "affected",
                  "version": "Collabora Online 6.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LibreOffice Online",
              "vendor": "The Document Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Matthias Gerstner (SUSE) for raising the issue."
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "\"loolforkit\" is a privileged program that is supposed to be run by a special, non-privileged \"lool\" user. Before doing anything else \"loolforkit\" checks, if it was invoked by the \"lool\" user, and refuses to run with privileges, if it\u0027s not the case. In the vulnerable version of \"loolforkit\" this check was wrong, so a normal user could start \"loolforkit\" and eventually get local root privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "\"loolforkit\" privileged program local root exploit",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-23T15:33:49.000Z",
            "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
            "shortName": "Document Fdn."
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/01/18/3"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@documentfoundation.org",
              "DATE_PUBLIC": "2021-01-26T00:00:00.000Z",
              "ID": "CVE-2021-25630",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Collabora Online",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "Collabora Online 4.2",
                                "version_value": "4.2.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "Collabora Online 6.4",
                                "version_value": "6.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Collabora Productivity"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LibreOffice Online",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "7.0.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The Document Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Matthias Gerstner (SUSE) for raising the issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "\"loolforkit\" is a privileged program that is supposed to be run by a special, non-privileged \"lool\" user. Before doing anything else \"loolforkit\" checks, if it was invoked by the \"lool\" user, and refuses to run with privileges, if it\u0027s not the case. In the vulnerable version of \"loolforkit\" this check was wrong, so a normal user could start \"loolforkit\" and eventually get local root privileges."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "\"loolforkit\" privileged program local root exploit"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v",
                  "refsource": "MISC",
                  "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/01/18/3",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/01/18/3"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
        "assignerShortName": "Document Fdn.",
        "cveId": "CVE-2021-25630",
        "datePublished": "2021-02-23T15:33:49.271Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:14:42.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12432 (GCVE-0-2020-12432)

    Vulnerability from nvd – Published: 2020-07-21 13:39 – Updated: 2024-08-04 11:56
    VLAI
    Summary
    The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:56:52.052Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=_tkRnSr6yc0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/d7x/CVE-2020-12432"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim\u0027s browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-21T13:39:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=_tkRnSr6yc0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/d7x/CVE-2020-12432"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-12432",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim\u0027s browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.youtube.com/watch?v=_tkRnSr6yc0",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=_tkRnSr6yc0"
                },
                {
                  "name": "https://github.com/d7x/CVE-2020-12432",
                  "refsource": "MISC",
                  "url": "https://github.com/d7x/CVE-2020-12432"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12432",
        "datePublished": "2020-07-21T13:39:27.000Z",
        "dateReserved": "2020-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:56:52.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29182 (GCVE-0-2024-29182)

    Vulnerability from cvelistv5 – Published: 2024-04-04 14:48 – Updated: 2024-08-02 01:10
    VLAI
    Title
    Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: >= 23, < 23.05.10.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-05T13:05:10.741135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:57:56.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:10:54.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 23, \u003c 23.05.10.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user\u0027s browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-04T14:48:16.705Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398"
            }
          ],
          "source": {
            "advisory": "GHSA-9gmw-5q2c-4398",
            "discovery": "UNKNOWN"
          },
          "title": "Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29182",
        "datePublished": "2024-04-04T14:48:16.705Z",
        "dateReserved": "2024-03-18T17:07:00.092Z",
        "dateUpdated": "2024-08-02T01:10:54.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49782 (GCVE-0-2023-49782)

    Vulnerability from cvelistv5 – Published: 2023-12-08 20:04 – Updated: 2024-08-02 22:01
    VLAI
    Title
    Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: < 23.5.601
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr"
              },
              {
                "name": "https://apps.nextcloud.com/apps/richdocumentscode",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://apps.nextcloud.com/apps/richdocumentscode"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 23.5.601"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T20:04:11.692Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr"
            },
            {
              "name": "https://apps.nextcloud.com/apps/richdocumentscode",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://apps.nextcloud.com/apps/richdocumentscode"
            }
          ],
          "source": {
            "advisory": "GHSA-8xm5-pgfr-8mjr",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site-Scripting vulnerability in error message passing in richdocumentscode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49782",
        "datePublished": "2023-12-08T20:04:11.692Z",
        "dateReserved": "2023-11-30T13:39:50.861Z",
        "dateUpdated": "2024-08-02T22:01:25.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49788 (GCVE-0-2023-49788)

    Vulnerability from cvelistv5 – Published: 2023-12-08 20:02 – Updated: 2024-08-02 22:01
    VLAI
    Title
    Improper handling of browser-side provided input in richdocuments path handling
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    CWE
    • CWE-501 - Trust Boundary Violation
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: < 23.5.602
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:26.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 23.5.602"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client-\u003eserver commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-501",
                  "description": "CWE-501: Trust Boundary Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T20:02:07.086Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j"
            }
          ],
          "source": {
            "advisory": "GHSA-3r69-xvf7-v94j",
            "discovery": "UNKNOWN"
          },
          "title": "Improper handling of browser-side provided input in richdocuments path handling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49788",
        "datePublished": "2023-12-08T20:02:07.086Z",
        "dateReserved": "2023-11-30T13:39:50.862Z",
        "dateUpdated": "2024-08-02T22:01:26.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48314 (GCVE-0-2023-48314)

    Vulnerability from cvelistv5 – Published: 2023-12-01 22:02 – Updated: 2025-06-03 02:18
    VLAI
    Title
    Unescaped passing of the request URL in Collabora Online
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: < 23.5.403
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:23:39.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T02:18:25.105922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T02:18:35.814Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 23.5.403"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-01T22:02:16.596Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2"
            }
          ],
          "source": {
            "advisory": "GHSA-qjrm-q4h5-v3r2",
            "discovery": "UNKNOWN"
          },
          "title": "Unescaped passing of the request URL in Collabora Online"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-48314",
        "datePublished": "2023-12-01T22:02:16.596Z",
        "dateReserved": "2023-11-14T17:41:15.574Z",
        "dateUpdated": "2025-06-03T02:18:35.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34088 (GCVE-0-2023-34088)

    Vulnerability from cvelistv5 – Published: 2023-05-31 18:15 – Updated: 2025-01-09 19:51
    VLAI
    Title
    Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface
    Summary
    Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CollaboraOnline online Affected: coolwsd < 22.05.13
    Affected: coolwsd < 21.11.9.1
    Affected: loolwsd < 6.4.27
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:53.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34088",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T19:50:55.893079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T19:51:07.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "online",
              "vendor": "CollaboraOnline",
              "versions": [
                {
                  "status": "affected",
                  "version": "coolwsd \u003c 22.05.13"
                },
                {
                  "status": "affected",
                  "version": "coolwsd \u003c 21.11.9.1"
                },
                {
                  "status": "affected",
                  "version": "loolwsd \u003c 6.4.27"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-31T18:15:42.895Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr"
            }
          ],
          "source": {
            "advisory": "GHSA-7582-pwfh-3pwr",
            "discovery": "UNKNOWN"
          },
          "title": "Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-34088",
        "datePublished": "2023-05-31T18:15:42.895Z",
        "dateReserved": "2023-05-25T21:56:51.244Z",
        "dateUpdated": "2025-01-09T19:51:07.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25630 (GCVE-0-2021-25630)

    Vulnerability from cvelistv5 – Published: 2021-02-23 15:33 – Updated: 2024-09-16 22:14
    VLAI
    Summary
    "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.
    Severity
    No CVSS data available.
    CWE
    • "loolforkit" privileged program local root exploit
    Assigner
    References
    Impacted products
    Vendor Product Version
    Collabora Productivity Collabora Online Affected: Collabora Online 4.2 , < 4.2.13 (custom)
    Affected: Collabora Online 6.4 , < 6.4.3 (custom)
    Create a notification for this product.
    The Document Foundation LibreOffice Online Affected: unspecified , ≤ 7.0.1.1 (custom)
    Create a notification for this product.
    Date Public
    2021-01-26 00:00
    Credits
    Thanks to Matthias Gerstner (SUSE) for raising the issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/01/18/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Collabora Online",
              "vendor": "Collabora Productivity",
              "versions": [
                {
                  "lessThan": "4.2.13",
                  "status": "affected",
                  "version": "Collabora Online 4.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.3",
                  "status": "affected",
                  "version": "Collabora Online 6.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "LibreOffice Online",
              "vendor": "The Document Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Matthias Gerstner (SUSE) for raising the issue."
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "\"loolforkit\" is a privileged program that is supposed to be run by a special, non-privileged \"lool\" user. Before doing anything else \"loolforkit\" checks, if it was invoked by the \"lool\" user, and refuses to run with privileges, if it\u0027s not the case. In the vulnerable version of \"loolforkit\" this check was wrong, so a normal user could start \"loolforkit\" and eventually get local root privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "\"loolforkit\" privileged program local root exploit",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-23T15:33:49.000Z",
            "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
            "shortName": "Document Fdn."
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/01/18/3"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@documentfoundation.org",
              "DATE_PUBLIC": "2021-01-26T00:00:00.000Z",
              "ID": "CVE-2021-25630",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Collabora Online",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "Collabora Online 4.2",
                                "version_value": "4.2.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "Collabora Online 6.4",
                                "version_value": "6.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Collabora Productivity"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LibreOffice Online",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "7.0.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The Document Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Matthias Gerstner (SUSE) for raising the issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "\"loolforkit\" is a privileged program that is supposed to be run by a special, non-privileged \"lool\" user. Before doing anything else \"loolforkit\" checks, if it was invoked by the \"lool\" user, and refuses to run with privileges, if it\u0027s not the case. In the vulnerable version of \"loolforkit\" this check was wrong, so a normal user could start \"loolforkit\" and eventually get local root privileges."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "\"loolforkit\" privileged program local root exploit"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v",
                  "refsource": "MISC",
                  "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/01/18/3",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/01/18/3"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
        "assignerShortName": "Document Fdn.",
        "cveId": "CVE-2021-25630",
        "datePublished": "2021-02-23T15:33:49.271Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:14:42.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12432 (GCVE-0-2020-12432)

    Vulnerability from cvelistv5 – Published: 2020-07-21 13:39 – Updated: 2024-08-04 11:56
    VLAI
    Summary
    The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:56:52.052Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=_tkRnSr6yc0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/d7x/CVE-2020-12432"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim\u0027s browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-21T13:39:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=_tkRnSr6yc0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/d7x/CVE-2020-12432"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-12432",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim\u0027s browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.youtube.com/watch?v=_tkRnSr6yc0",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=_tkRnSr6yc0"
                },
                {
                  "name": "https://github.com/d7x/CVE-2020-12432",
                  "refsource": "MISC",
                  "url": "https://github.com/d7x/CVE-2020-12432"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12432",
        "datePublished": "2020-07-21T13:39:27.000Z",
        "dateReserved": "2020-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:56:52.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }