CVE-2023-48314 – Unescaped passing of the request URL in Collabora Online
https://notcve.org/view.php?id=CVE-2023-48314
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-qjrm-q4h5-v3r2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-34088 – Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface
https://notcve.org/view.php?id=CVE-2023-34088
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. • https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •