CVE-2021-32745

EPSS 0.21%
Veröffentlicht 21.07.2021 18:15:09
Zuletzt bearbeitet 21.11.2024 06:07:39
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. The issue is patched in Collabora Online 6.4.9-5. Collabora Online 4.2 is not affected.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Collabora ≫ Online Version > 4.2 < 6.4.9-5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.432

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
security-advisories@github.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/CollaboraOnline/online/security/advisories/GHSA-w536-654v-cjj9

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-32745

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32745

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32745

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-32745