Online
CVE-2024-45045
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.
AnalysisAI
Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-84. Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability. Affected products include: Collabora Online.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing
Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 5.3
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Rated high sev
Collabora Online is a collaborative online office suite. Rated high severity (CVSS 7.5), this vulnerability is remotely
Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1
Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1
Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 6.1), this vulnerability is remotel
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today