4 matches found
CVE-2020-12432
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...
Improper access control
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...
CVE-2020-12432
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...
CVE-2020-12432
Summary: CVE-2020-12432 affects Collabora CODE/WOPI integration used by Vereign Collabora CODE up to version 4.2.2. The vulnerability arises from improper restriction of JavaScript delivery to a user’s browser and weak MIME-type access control, enabling cross-site scripting that can steal credent...