Published: 13/12/2021 Updated: 15/12/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
collabora online

Demarche pour libreoffice wwwvulnerabilityassessmentcouk/Penetration%20Testhtml ==> Common Vulnerability and Exploits cvemitreorg/ ==> Taper ensuite dans "Search CVE List" le mot clé souhaité Dans notre cas c'est "LibreOffice" Choisir un code CVE, par exemple "CVE-2021-43817" et faite la recherc

CWE-79 https://github.com/CollaboraOnline/online/security/advisories/GHSA-7f6h-v9mx-58q9 https://nvd.nist.gov https://github.com/akemery/CVE_SEARCH

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-43817

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect