Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Collabora
Collabora online Google android |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:* cpe:2.3:o:google:android:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Collabora
Collabora online Google android |
Thu, 29 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 29 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability. | |
Title | JavaScript Injection via url encoded values in links in Collabora Office Android | |
Weaknesses | CWE-84 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-29T16:49:12.270Z
Updated: 2024-08-29T17:07:43.388Z
Reserved: 2024-08-21T17:53:51.331Z
Link: CVE-2024-45045
Vulnrichment
Updated: 2024-08-29T17:07:39.908Z
NVD
Status : Analyzed
Published: 2024-08-29T17:15:08.977
Modified: 2024-09-03T15:13:16.580
Link: CVE-2024-45045
Redhat
No data.