CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48314 – Unescaped passing of the request URL in Collabora Online
https://notcve.org/view.php?id=CVE-2023-48314
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34088 – Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface
https://notcve.org/view.php?id=CVE-2023-34088
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25630
https://notcve.org/view.php?id=CVE-2021-25630
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges. "loolforkit" es un programa privilegiado que se supone debe ser ejecutado por un usuario "lool" especial, sin privilegios. Antes de hacer cualquier otra cosa, "loolforkit" comprueba si fue invocado por el usuario "lool" y se niega a ejecutar con privilegios, si no es el caso. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v https://www.openwall.com/lists/oss-security/2021/01/18/3 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-12432
https://notcve.org/view.php?id=CVE-2020-12432
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken. La integración de la API WOPI para Vereign Collabora CODE versiones hasta 4.2.2, no restringe apropiadamente la entrega de JavaScript al navegador de la víctima y carece de un control de acceso de tipo MIME apropiado, lo que podría conllevar a un ataque de tipo XSS que roba credenciales de cuenta por medio de cookies o almacenamiento local. El atacante primero debe obtener un token de acceso a la API, que puede ser alcanzado si el atacante es capaz de cargar un archivo .docx o .odt. • https://github.com/d7x/CVE-2020-12432 https://www.youtube.com/watch?v=_tkRnSr6yc0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •