Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected.
References
Link | Resource |
---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-7f6h-v9mx-58q9 | Third Party Advisory |
https://github.com/CollaboraOnline/online/security/advisories/GHSA-7f6h-v9mx-58q9 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/CollaboraOnline/online/security/advisories/GHSA-7f6h-v9mx-58q9 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 8.2 |
15 Dec 2021, 21:59
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/CollaboraOnline/online/security/advisories/GHSA-7f6h-v9mx-58q9 - Third Party Advisory | |
CPE | cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
13 Dec 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-13 20:15
Updated : 2024-11-21 06:29
NVD link : CVE-2021-43817
Mitre link : CVE-2021-43817
CVE.ORG link : CVE-2021-43817
JSON object : View
Products Affected
collabora
- online
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')