CVE-2024-29182

Published: Apr 4, 2024Modified: Sep 23, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: security-advisories@github.com (Secondary)

Description

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.

Affected (1)

Products: Collaboraoffice: Collabora Online

Collaboraoffice

1 product

Collabora Online

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Collaboraoffice Collabora Online	Before 23.05.10.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398

Source: security-advisories@github.com

Third Party Advisory

https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.