CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43817 – Reflected Cross-Site-Scripting vulnerability in Collabora Online
https://notcve.org/view.php?id=CVE-2021-43817
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-7f6h-v9mx-58q9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32745 – Reflected Cross-Site-Scripting vulnerability
https://notcve.org/view.php?id=CVE-2021-32745
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. The issue is patched in Collabora Online 6.4.9-5. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-w536-654v-cjj9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32744 – Unauthenticated attacker could gain access to currently open files
https://notcve.org/view.php?id=CVE-2021-32744
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential "IDOR" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25630
https://notcve.org/view.php?id=CVE-2021-25630
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges. "loolforkit" es un programa privilegiado que se supone debe ser ejecutado por un usuario "lool" especial, sin privilegios. Antes de hacer cualquier otra cosa, "loolforkit" comprueba si fue invocado por el usuario "lool" y se niega a ejecutar con privilegios, si no es el caso. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v https://www.openwall.com/lists/oss-security/2021/01/18/3 • CWE-269: Improper Privilege Management •