PT-2023-8434 · Document Foundation+2 · Libreoffice+2

Hightimar · Published 2023-12-01 · Updated 2023-12-06 · CVE-2023-48314

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Collabora Online - Built-in CODE Server (richdocumentscode) versions prior to 23.5.403

Description

The issue is in the proxy.php component of Collabora Online, a collaborative online office suite based on LibreOffice technology. The component does not adequately protect the structure of the web page, which may allow a remote attacker to conduct a cross-site scripting (XSS) attack. Users of Nextcloud with the Collabora Online Built-in CODE Server app are at risk. There are no known workarounds for this issue.

Recommendations

For Collabora Online - Built-in CODE Server (richdocumentscode) versions prior to 23.5.403, upgrade to release 23.5.403 to fix the vulnerability. As a temporary workaround, consider restricting access to the proxy.php endpoint until the upgrade is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

BDU:2024-00718
CVE-2023-48314
GHSA-QJRM-Q4H5-V3R2

Affected products

Collabora Online
Libreoffice
Nextcloud