CVE-2024-29182 MEDIUM

CVE-2024-29182: Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip

Vendor Collaboraonline
Product online
Weakness CWE-79 · XSS
Published April 4, 2024
Last update August 2, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document in which the document text referenced by a field contains an XSS payload; when a user hovers over that field to produce a tooltip, the payload could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online (22.04, 21.11, etc.) are unaffected.

Key dates

02 Disclosure timeline

April 4, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04 Related CVE