Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. The issue is patched in Collabora Online 6.4.9-5. Collabora Online 4.2 is not affected.
References
Link | Resource |
---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-w536-654v-cjj9 | Third Party Advisory |
https://github.com/CollaboraOnline/online/security/advisories/GHSA-w536-654v-cjj9 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/CollaboraOnline/online/security/advisories/GHSA-w536-654v-cjj9 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 7.3 |
30 Jul 2021, 15:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CPE | cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
References | (CONFIRM) https://github.com/CollaboraOnline/online/security/advisories/GHSA-w536-654v-cjj9 - Third Party Advisory |
21 Jul 2021, 18:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-21 18:15
Updated : 2024-11-21 06:07
NVD link : CVE-2021-32745
Mitre link : CVE-2021-32745
CVE.ORG link : CVE-2021-32745
JSON object : View
Products Affected
collabora
- online
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')