Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
CVE-2023-49782
7.1 HIGH
Summary
Collabora Online, a collaborative online office suite built on LibreOffice technology, has a vulnerability affecting Nextcloud users of the 'Collabora Online - Built-in CODE Server'. The flaw, a cross-site scripting issue in error message passing located in proxy.php, allows potential attackers to conduct unauthorized actions. The issue has been resolved in the latest release (version 23.5.601), and users are strongly advised to update their systems immediately, as no alternative workarounds are available.
Affected Version(s)
online < 23.5.601
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved