Published: 21/07/2020 Updated: 24/07/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The WOPI API integration for Vereign Collabora CODE up to and including 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.

Vulnerable Product	Search on Vulmon	Subscribe to Product
collaboraoffice collabora online development edition

CVE-2020-12432 Collabora CODE <= 422 Vereign's WOPI API Stored XSS and Insecure permissions (account hijack) - 422 Affected versions: Collabora CODE <= 422 Exploitation requirements: The Vereign's /wopi/ API interface has to be accessible using the provided generated token, which is the default configuration The wopi API interface developed by ver

CWE-79 https://github.com/d7x/CVE-2020-12432 https://www.youtube.com/watch?v=_tkRnSr6yc0 https://nvd.nist.gov https://github.com/d7x/CVE-2020-12432

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-12432

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect