17 matches found
Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
Read-Only Users Can Modify Collaborative Documents via Socket.IO Affected Component Socket.IO collaborative document editing handler: - backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler Affected Versions Current main branch and likely all versions with collaborative not...
Incorrect Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization in the ydoc:document:update handler. An attacker can inject, modify, or delete content in collaborative documents by emitting crafted Socket.IO events after joining a document room wit...
GHSA-VRFH-RJ4Q-RMHR Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
Read-Only Users Can Modify Collaborative Documents via Socket.IO Affected Component Socket.IO collaborative document editing handler: - backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler Affected Versions Current main branch and likely all versions with collaborative not...
EUVD-2024-42317
Malicious code in bioql PyPI...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
CVE-2024-47222
The CVE-2024-47222 entry corresponds to a vulnerability in New Cloud MyOffice SDK Collaborative Editing Server, with affected versions 2.2.2–2.8. The root cause is insufficient validation in the WOPI protocol handling, allowing server-side request forgery (SSRF) via manipulated requests originati...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
New Cloud MyOffice SDK Collaborative Editing Server Security Vulnerability
MyOffice SDK is an office software development kit from MyOffice, Inc. A security vulnerability exists in New Cloud MyOffice SDK Collaborative Editing Server versions 2.2.2 through 2.8, which originates from a vulnerability that allows server-side request forgery to be implemented by manipulating...
PT-2024-3951 · Myoffice · Myoffice Sdk
Name of the Vulnerable Software and Affected Versions: New Cloud MyOffice SDK Collaborative Editing Server versions 2.2.2 through 2.8 Description: The issue is related to the implementation of the WOPI protocol in the MyOffice SDK, which lacks sufficient checking of incoming requests. This allows...
PT-2023-22108 · Google · Google Docs
Name of the Vulnerable Software and Affected Versions: Google Docs versions prior to the fixed version Description: The issue allows document operations to be manipulated to contain invalid data types, possibly script code. This could lead to script code injection into an operation that would be...
MediaWiki: Multiple Vulnerabilities
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Attachments that are added to drafts while collaborative editing is off are searchable when collaborative editing is turned on
Issue Summary: This is reproducible on Data Center: yes. Steps to Reproduce: Turn OFF collaborative editing; Create a page; Add attachment to the page; Do not publish the page; Try searching for the draft or attachment; Enable Collaborative Editing; Perform Reindexing; Try searching for the draft o...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Description Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...
Unauthenticated users can view the content of Confluence blogs and pages (CVE-2017-7415)
The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication by providing a page id or draft id. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the conten...
IBM InfoSphere Master Data Management Collaborative Cross-Site Scripting Vulnerability
IBM InfoSphere Master Data Management MDM Collaborative is a suite of collaborative editing solutions for Product Information Management PIM from IBM USA. A cross-site scripting vulnerability exists in IBM InfoSphere MDM Collaborative. When a user browses the affected site, their browser will...