CVE-2020-12432

Exploit

EPSS 0.29%
Veröffentlicht 21.07.2020 14:15:14
Zuletzt bearbeitet 21.11.2024 04:59:43
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Collaboraoffice ≫ Collabora Online Development Edition Version <= 4.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.519

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/d7x/CVE-2020-12432

Third Party Advisory

Exploit

https://www.youtube.com/watch?v=_tkRnSr6yc0

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-12432

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12432

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12432

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-12432