CVE-2023-49782
Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Collabora Online es una suite ofimática colaborativa en línea basada en la tecnología LibreOffice. Los usuarios de Nextcloud con la aplicación `Collabora Online - Integrated CODE Server` pueden ser vulnerables a ataques a través de proxy.php. El error se solucionó en Collabora Online - Servidor CODE integrado (richdocumentscode) versión 23.5.601. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-30 CVE Reserved
- 2023-12-08 CVE Published
- 2023-12-14 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://apps.nextcloud.com/apps/richdocumentscode | Product |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr | 2023-12-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Collaboraoffice Search vendor "Collaboraoffice" | Richdocumentscode Search vendor "Collaboraoffice" for product "Richdocumentscode" | < 23.5.601 Search vendor "Collaboraoffice" for product "Richdocumentscode" and version " < 23.5.601" | nextcloud |
Affected
|