PT-2023-7598 · Document Foundation · LibreOffice

Ry0Tak · Published 2023-12-04 · Updated 2023-12-13 · CVE-2023-49782

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Collabora Online - Built-in CODE Server (Nextcloud app), versions prior to 23.5.601
Description

Collabora Online is a collaborative online office suite based on LibreOffice technology; the Collabora Online - Built-in CODE Server app bundles it for Nextcloud. In versions prior to 23.5.601, the app's proxy.php script writes error messages into its HTML response without encoding them, so text that an attacker can get into an error message is interpreted as part of the page rather than as data. A remote attacker can use this to carry out cross-site scripting against users of a Nextcloud instance that has the app installed.
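The weakness class described above, as an added PHP illustration for this entry: it is not the proxy.php source of the Collabora Online - Built-in CODE Server app, and the function names and probe strings are assumptions made for the example. It shows an error page that interpolates caller-influenced text into HTML as-is, beside the same page with the text encoded for the HTML context, and checks whether each version reflects the probe verbatim.

```php
<?php
// Added example for this entry; it is not the proxy.php source of the
// Collabora Online - Built-in CODE Server app. Function names and the probe
// strings below are assumptions made for the illustration. Requires PHP 8+.
declare(strict_types=1);

/** Vulnerable pattern: caller-influenced text is interpolated into markup as-is. */
function render_error_unsafe(string $detail): string
{
    return "<!doctype html><html><body><h1>Error</h1>"
         . "<p>Could not process request: $detail</p></body></html>";
}

/** Hardened pattern: encode for the HTML text context at the point of output. */
function render_error_safe(string $detail): string
{
    // ENT_QUOTES encodes both quote characters (covers attribute breakouts too),
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
    // and the explicit charset stops the encoder from guessing.
    $encoded = htmlspecialchars($detail, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<!doctype html><html><body><h1>Error</h1>"
         . "<p>Could not process request: $encoded</p></body></html>";
}

/** Emit the hardened page with headers that pin the content type and charset. */
function send_error_response(string $detail): void
{
    if (PHP_SAPI !== 'cli') {
        header('Content-Type: text/html; charset=UTF-8');
        header('X-Content-Type-Options: nosniff');
    }
    echo render_error_safe($detail);
}

/** True when $detail appears verbatim in the page, i.e. it was not encoded. */
function reflects_raw_markup(string $page, string $detail): bool
{
    return str_contains($page, $detail);
}

// Constructed probe inputs (not real attack traffic): one element breakout,
// one that would only matter if the text landed inside an attribute.
$probes = [
    '<script>alert(document.domain)</script>',
    '" onmouseover="alert(1)',
];

foreach ($probes as $probe) {
    printf("probe: %s\n", $probe);
    printf("  unsafe reflects raw input: %s\n",
        reflects_raw_markup(render_error_unsafe($probe), $probe) ? 'yes' : 'no');
    printf("  safe   reflects raw input: %s\n",
        reflects_raw_markup(render_error_safe($probe), $probe) ? 'yes' : 'no');
    printf("  safe   output: %s\n", render_error_safe($probe));
}
```

Run it with `php` on the command line; `send_error_response` is the form to use from a web handler, where the explicit `charset` and `nosniff` headers keep the browser from re-interpreting the encoded output. Encoding at output, not at input, is the point: the same error text may be logged or returned as JSON elsewhere, and each sink needs its own encoding.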
Recommendations

Upgrade the Collabora Online - Built-in CODE Server app to release 23.5.601 or later. The upstream advisory lists no known workaround, so applying the upgrade is the recommended course of action. Until it is applied, restricting which clients can reach proxy.php (for example at the web server or reverse proxy) reduces exposure, but since proxy.php is the entry point the app exposes, such a restriction also interferes with normal use of the app; treat it as a stop-gap, not a fix.

Weakness Enumeration

Cross-site scripting (XSS)

Related Identifiers

BDU:2023-08658
CVE-2023-49782
GHSA-8XM5-PGFR-8MJR

Affected Products

Collabora Online - Built-in CODE Server
LibreOffice
Nextcloud