Stored Cross-Site Scripting Vulnerability in Collabora Online by Collabora
CVE-2024-29182

Currently unrated

Key Information:

Vendor: Collabora
Status: Collabora Online
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-29182?

A stored cross-site scripting vulnerability exists in Collabora Online, a collaborative online office suite based on LibreOffice. This vulnerability allows an attacker to embed an XSS payload in the text of a document. If a user hovers over a certain field in the document, the payload may execute in their browser, potentially compromising user data and session integrity. It is crucial for users to upgrade to Collabora Online 23.05.10.1 or higher to mitigate this risk. The older series of Collabora Online, specifically the 22.04 and 21.11 versions, remain unaffected by this issue.

References

https://github.com/CollaboraOnline/online/security/adviso...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2024

CVE-2024-29182 Data

JSON