Collabora · Collabora Online · CVE-2021-43817
Name of the Vulnerable Software and Affected Versions:
Collabora Online versions prior to 4.2.20
Collabora Online versions prior to 6.4.16
Description:
A reflected XSS vulnerability was found in Collabora Online, a collaborative online office suite based on LibreOffice technology. An attacker could inject unescaped HTML into a variable used when the Collabora Online iframe was created, and thereby execute scripts in the context of the Collabora Online iframe. This gave access to a small set of user settings stored in the browser, as well as the session's authentication token, which was also passed in at iframe creation time.
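The root cause described above is a value being written into iframe markup without encoding for the context it lands in. The following is an added illustration, not Collabora Online's own code: it places the unsafe concatenation pattern beside a hardened form that encodes the value for the URL query first and then for the HTML attribute it is written into. The function names, the base URL and the parameter names (`doc`, `token`) are assumptions chosen for the example.

```javascript
// Added example (not Collabora Online code). All names are illustrative.

// HTML-escape a string so it is inert inside element content or a
// double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the caller-supplied value is pasted into the markup
// unchanged, so a value containing a quote and a tag can close the src
// attribute and open a new element inside the page.
function buildIframeUnsafe(baseUrl, docName, token) {
  return '<iframe src="' + baseUrl + "?doc=" + docName +
         "&token=" + token + '"></iframe>';
}

// Hardened pattern: every parameter is percent-encoded as a URL query
// component, then the whole URL is HTML-escaped before it is written into
// the attribute. Each encoding step matches the context it protects.
function buildIframeSafe(baseUrl, params) {
  const query = new URLSearchParams(params).toString();
  const src = escapeHtml(baseUrl + "?" + query);
  return '<iframe src="' + src + '"></iframe>';
}

// Defender-side check used by the tests: does the rendered markup contain a
// raw <script tag, i.e. did an untrusted value escape its attribute?
function containsRawScriptTag(markup) {
  return /<script/i.test(markup);
}

module.exports = { escapeHtml, buildIframeUnsafe, buildIframeSafe, containsRawScriptTag };
```

In a real page the hardened variant would typically be replaced by DOM construction (`document.createElement("iframe")` plus `iframe.src = url`), which sidesteps HTML escaping entirely; the string-building form is shown here because it makes the two encoding layers visible and runs outside a browser.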
Recommendations:
For Collabora Online versions prior to 4.2.20, upgrade to Collabora Online 4.2.20 or higher.
For Collabora Online versions prior to 6.4.16, upgrade to Collabora Online 6.4.16 or higher.