Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
collabora online vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-32744
Collabora Online is a collaborative online office suite. In versions before 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker ...
Collabora Online
383
VMScore
CVE-2021-43817
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and exec...
Collabora Online
1 Github repository
383
VMScore
CVE-2021-32745
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the conte...
Collabora Online
383
VMScore
CVE-2020-12432
The WOPI API integration for Vereign Collabora CODE up to and including 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local stor...
Collaboraoffice Collabora Online Development Edition
1 Github repository
356
VMScore
CVE-2021-32748
Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or...
Nextcloud Richdocuments
NA
CVE-2024-29182
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce ...
NA
CVE-2024-30265
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by som...
NA
CVE-2024-25114
Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this ...
NA
CVE-2023-49782
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscod...
Collaboraoffice Richdocumentscode
NA
CVE-2023-49788
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be s...
Collaboraoffice Richdocumentscode
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »