Lucene search
+L
CollaboraOnline

7 matches found

cve
cve
added 2024/03/11 9:32 p.m.79 views

CVE-2024-25114

CVE-2024-25114 affects Collabora Online (LibreOffice-based online suite). The vulnerability arises because the CELL() function, when used with the filename argument in the spreadsheet component, can reveal a JailID path used for per-document process isolation. This information disclosure is consi...

5.3CVSS3.6AI score0.00471EPSS
cve
cve
added 2024/08/29 4:49 p.m.69 views

CVE-2024-45045

CVE-2024-45045 affects mobile variants (Android/iOS) of Collabora Online, based on LibreOffice. The vulnerability enables injection of JavaScript through URL-encoded values in links within documents, exploiting the Android JavaScript interface which can access internal functions. Non-mobile varia...

6.3CVSS6.2AI score0.00272EPSS
cve
cve
added 2021/12/13 7:45 p.m.68 views

CVE-2021-43817

CVE-2021-43817 affects Collabora Online (including Collabora Online/ CODE). A reflected XSS vulnerability exists where unescaped HTML injected into a variable during iframe creation can execute scripts within the Collabora Online iframe. Impact per sources includes access to a small set of browse...

8.2CVSS6.5AI score0.00646EPSS
cve
cve
added 2021/07/21 5:40 p.m.59 views

CVE-2021-32745

CVE-2021-32745 is a reflected XSS vulnerability in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable when creating the Collabora Online iframe, enabling scripts to run in the iframe context and access a small set of browser-stored user settings and...

7.3CVSS6.2AI score0.00603EPSS
cve
cve
added 2021/07/21 4:0 p.m.46 views

CVE-2021-32744

CVE-2021-32744 affects Collabora Online. Versions prior to 4.2.17-1 and 6.4.9-5 allow unauthenticated attackers to access files open by other users by guessing the file identifier (IDOR). The file-identifier predictability depends on external storage implementations. Patches exist in 4.2.17-1 and...

9.8CVSS7.9AI score0.01053EPSS
cve
cve
added 2023/05/15 8:58 p.m.46 views

CVE-2023-31145

CVE-2023-31145 describes a reflected XSS with full CSP bypass in Collabora Online when installed with the Nextcloud bundle. The vulnerability allows an attacker to inject malicious code into pages and run in the victim’s browser session, enabling a trivial account takeover attack. Exploitation re...

6.1CVSS5.4AI score0.00398EPSS
cve
cve
added 2025/12/03 6:25 p.m.19 views

CVE-2025-66208

CVE-2025-66208 affects Collabora Online – Built-in CODE Server (richdocumentscode proxy). The vulnerability is a configuration-dependent OS command injection (RCE) in the richdocumentscode proxy present in versions prior to 25.04.702, exploitable by attackers via proxy.php and an intermediate rev...

9.8CVSS6.5AI score0.00984EPSS