Vulnerability CVE-2023-49782
Published: 2023-12-08   Modified: 2023-12-14

Description:
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Affected software
Collaboraoffice -> Richdocumentscode 

 References:
https://github.com/CollaboraOnline/online/security/advisories/GHSA-8xm5-pgfr-8mjr
https://apps.nextcloud.com/apps/richdocumentscode
Copyright 2024, cxsecurity.com

 

Back to Top