3 matches found
CVE-2024-29182
CVE-2024-29182 affects Collabora Online (LibreOffice-based online suite). The vulnerability is a stored cross-site scripting flaw where an attacker can embed an XSS payload in document text referenced by a field; when a user hovers the text to display a tooltip, the payload could execute in the u...
CVE-2023-34088
Collabora Online contains a stored XSS vulnerability (admin/history page context) where an attacker can place an XSS payload in a document name. If an admin opens the history page, the name is injected as unescaped HTML and can execute within the admin console, potentially leaking the admin JWT u...
CVE-2023-48314
CVE-2023-48314 affects Collabora Online — Built-in CODE Server (richdocumentscode) before 23.5.403 , due to a vulnerability in the proxy.php component. The flaw arises from improper input handling/unescaped data, allowing a remote attacker to manipulate the page and potentially execute an attack....