122 matches found
Arbitrary Code Execution
org.openrefine.dependencies, butterfly is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper input handling in the Butterfly.prototype.parseJSON or getJSON functions, allowing crafted input to execute arbitrary JavaScript code on the server...
The vulnerability of the built-in document editing server Collabora Online – the CODE Server (richdocumentscode) – is related to an incorrect limitation on the path to the restricted access catalog. This allows a malicious user to execute arbitrary commands.
The vulnerability of the built-in document editing server Collabora Online – CODE Server richdocumentcode is related to an incorrect limitation on the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
CVE-2023-49788
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...
Code injection
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...
CVE-2023-49782 Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...
CVE-2023-49782 Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...
CVE-2023-49788
Collabora Online’s Built-in CODE Server (richdocumentscode) is vulnerable to commands from the client that could overwrite files outside the transient session subdirectory. The issue affects vulnerable richdocumentscode versions and is mitigated by upgrading to release 23.5.602; users are advised...
CVE-2023-49788 Improper handling of browser-side provided input in richdocuments path handling
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...
PT-2023-7598 · Collabora +2 · Collabora Online - Built-In Code Server +2
Name of the Vulnerable Software and Affected Versions: Collabora Online - Built-in CODE Server versions prior to 23.5.601 Description: The issue is related to the proxy.php script in the Collabora Online - Built-in CODE Server, which fails to protect the web page structure when handling error...
Code injection
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...
CVE-2023-48314 Unescaped passing of the request URL in Collabora Online
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...
PT-2023-8434 · Collabora +2 · Collabora Online +2
Name of the Vulnerable Software and Affected Versions: Collabora Online - Built-in CODE Server richdocumentscode versions prior to 23.5.403 Description: The issue is related to the proxy.php component of Collabora Online, which is a collaborative online office suite based on LibreOffice technolog...
Improper Validation
code-server, is vulnerable to Improper Validation. The vulnerability exists due to missing WebSocket origin validations handshakes which allows an attacker to gain access to the server and perform unauthorized actions...
@web-desktop-environment/development-edition-server (>=0.0.4 <=1.0.2), @web-desktop-environment/pack-dev (>=1.0.1 <=1.0.2) potentially affected by CVE-2023-26114 via code-server (>=3.12.0 <=3.9.3)
code-server NPM version =3.12.0, =0.0.4, =1.0.1, =1.0.2 Source cves: CVE-2023-26114 Source advisory: OSV:GHSA-FRJG-G767-7363...
GHSA-FRJG-G767-7363 code-server vulnerable to Missing Origin Validation in WebSockets
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance...
code-server vulnerable to Missing Origin Validation in WebSockets
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance...
CVE-2023-26114
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance...
CVE-2023-26114
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance...
Input validation
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance...
CVE-2023-26114
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance...