Document Foundation · LibreOffice · CVE-2023-48314
**Name of the Vulnerable Software and Affected Versions**
Collabora Online - Built-in CODE Server (richdocumentscode) versions prior to 23.5.403
**Description**
The issue is in the `proxy.php` component of Collabora Online, a collaborative online office suite based on LibreOffice technology. The component does not adequately protect the structure of the web page it generates, which can allow a remote attacker to conduct a cross-site scripting (XSS) attack. Users of Nextcloud with the Collabora Online Built-in CODE Server app are at risk. There are no known workarounds for this issue.
**Recommendations**
Upgrade Collabora Online - Built-in CODE Server (richdocumentscode) from any version prior to 23.5.403 to release 23.5.403, which fixes the vulnerability. Until the upgrade is applied, consider restricting access to the `proxy.php` endpoint as a temporary measure.
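
To find instances still on an affected release, the comparison against 23.5.403 can be scripted. This is an added example, not part of the advisory or the vendor's tooling; it assumes each instance's app list has been exported as JSON in the shape produced by `occ app:list --output=json`, and the host names and version strings in the sample are constructed.

```python
import json

APP_ID = "richdocumentscode"   # app name as given in the advisory
FIXED = (23, 5, 403)           # fixed release named in the advisory


def parse_version(text):
    """Turn '23.5.402' into (23, 5, 402); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(app_list_json):
    """Return (status, detail); status is one of
    'not-installed', 'affected', 'fixed', 'unknown'."""
    data = json.loads(app_list_json)
    for state in ("enabled", "disabled"):
        apps = data.get(state)
        if not isinstance(apps, dict):   # an empty list may appear as [] instead of {}
            continue
        version = apps.get(APP_ID)
        if version is None:
            continue
        try:
            parsed = parse_version(version)
        except ValueError:
            return ("unknown", f"{state}, version {version!r}")
        parsed += (0,) * (len(FIXED) - len(parsed))   # treat '23.5' as 23.5.0
        status = "affected" if parsed < FIXED else "fixed"
        # A disabled copy is reported with its state so the operator can decide.
        return (status, f"{state}, version {version}")
    return ("not-installed", "")


# Constructed sample exports, one per hypothetical instance.
SAMPLES = {
    "cloud-a": '{"enabled": {"files": "1.22.0", "richdocumentscode": "23.5.402"}, "disabled": {}}',
    "cloud-b": '{"enabled": {"files": "1.22.0", "richdocumentscode": "23.5.403"}, "disabled": []}',
    "cloud-c": '{"enabled": {"files": "1.22.0"}, "disabled": {"richdocumentscode": "22.5.1301"}}',
    "cloud-d": '{"enabled": {"files": "1.22.0"}, "disabled": []}',
}

if __name__ == "__main__":
    for host, export in SAMPLES.items():
        status, detail = assess(export)
        print(f"{host}: {status} {detail}".rstrip())
```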