CVE-2020-12432

Published: Jul 21, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.

Affected (1)

Products: Collaboraoffice: Collabora Online Development Edition

Collaboraoffice

1 product

Collabora Online Development Edition

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Collaboraoffice Collabora Online Development Edition	Up to 4.2.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://github.com/d7x/CVE-2020-12432

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=_tkRnSr6yc0

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/d7x/CVE-2020-12432

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.youtube.com/watch?v=_tkRnSr6yc0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.