Headline

CVE-2023-49782: Cross-Site-Scripting vulnerability in richdocuments error message handling

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.

11 months ago

CVE

Open in Source

#vulnerability #git #php

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Additional navigation options

Package

richdocumentscode (richdocumentscode)

Affected versions

< 23.5.601

Patched versions

23.5.601

Description

Impact

Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php.

Patches

The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601.

Workarounds

None, except removing Collabora Online - Built-in CODE Server (richdocumentscode) app or using standalone dedicated Collabora Online server.

Credits

Thanks to @Ry0taK for discovering and reporting this vulnerability

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago