CVE-2023-2255

CVE-2023-2255: Remote documents loaded without prompt via IFrame

Vendor The Document Foundation

Product LibreOffice

Weakness CWE-264

Published May 25, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

Key dates

02Disclosure timeline

May 25, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-2255

Related vulnerabilities

Identifiers

CVE CVE-2023-2255

CWE CWE-264

Affected versions

Vendor The Document Foundation

Product LibreOffice

Affected ≥ 7.4 and < 7.4.7

Vendor The Document Foundation

Product LibreOffice

Affected ≥ 7.5 and < 7.5.3

CVE-2023-2255: Remote documents loaded without prompt via IFrame

01Description

02Disclosure timeline

03References

04Related CVE