CVE-2021-43817: Reflected Cross-Site-Scripting vulnerability in Collabora Online
First published: Mon Dec 13 2021(Updated: )
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Collabora Online | <4.2.20 | |
| Collabora Online | >=6.4.0<6.4.16 | |
| <4.2.20 | ||
| >=6.4.0<6.4.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/collabora
- canonical/collabora online
- version/collabora online/6.4.0