PT-2021-19901 · Collabora · Collabora Online

Lukas Reschke

Published

2021-07-21

Updated

2021-07-30

CVE-2021-32745

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Collabora Online versions prior to 6.4.9-5

Description A reflected XSS issue was found in Collabora Online, allowing an attacker to inject unescaped HTML into a variable as they created the Collabora Online iframe. This could execute scripts inside the context of the Collabora Online iframe, giving access to a small set of user settings stored in the browser and the session's authentication token.

Recommendations For versions prior to 6.4.9-5, update to Collabora Online 6.4.9-5 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-32745

GHSA-W536-654V-CJJ9

Affected Products

Collabora Online

PT-2021-19901 · Collabora · Collabora Online

CVE-2021-32745

Weakness Enumeration

Related Identifiers

Affected Products

References · 3