CVE-2024-29182
Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.
Collabora Online es una suite ofimática colaborativa en línea basada en LibreOffice. Se encontró una vulnerabilidad de Cross-Site Scripting almacenada en Collabora Online. Un atacante podría crear un documento con un payload XSS en el texto del documento al que se hace referencia por campo que, si se pasa por encima para generar información sobre herramientas, podría ser ejecutado por el navegador del usuario. Los usuarios deben actualizar a Collabora Online 23.05.10.1 o superior. Las series anteriores de Collabora Online, 22.04, 21.11, etc. no se ven afectadas.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-18 CVE Reserved
- 2024-04-04 CVE Published
- 2024-04-05 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
CollaboraOnline Search vendor "CollaboraOnline" | Online Search vendor "CollaboraOnline" for product "Online" | >= 23.0.0.0 < 23.05.10.1 Search vendor "CollaboraOnline" for product "Online" and version " >= 23.0.0.0 < 23.05.10.1" | en |
Affected
|