CVE-2024-29182 Information

Description

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which if hovered over to produce a tooltip could be executed by the user’s browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online 22.04 21.11 etc. are unaffected.

Reference

https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398