MEDIUM🇬🇧 English

CVE-2024-29182

CVSS 6.1v3.1pub. 2024-04-04upd. 2025-09-23

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Collaboraoffice Collabora Online

    APP
    Collaboraoffice
    < 23.05.10.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2023-48314HIGH7.1ten sam produkt

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud wi...

CVE-2023-34088HIGH8.7ten sam produkt

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was...

CVE-2023-49782HIGH7.1ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud wi...

CVE-2023-49788HIGH7.2ten sam vendor

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone d...

CVE-2021-25630HIGH7.8ten sam vendor

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Befo...