Vulnerability Description
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Collaboraoffice | Collabora Online | < 23.05.10.1 |
Related Weaknesses (CWE)
References
- https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-439Third Party Advisory
- https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-439Third Party Advisory
FAQ
What is CVE-2024-29182?
CVE-2024-29182 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS...
How severe is CVE-2024-29182?
CVE-2024-29182 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-29182?
Check the references section above for vendor advisories and patch information. Affected products include: Collaboraoffice Collabora Online.