CVE-2023-34088

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:collaboraoffice:collabora_online::::::::
	cpe:2.3:a:collaboraoffice:collabora_online::::::::
	cpe:2.3:a:collaboraoffice:collabora_online::::::::

History

08 Jun 2023, 01:43

Type	Values Removed	Values Added
CPE		cpe:2.3:a:collaboraoffice:collabora_online::::::::
References	~~(MISC) https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr -~~	(MISC) https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr - Third Party Advisory
CWE		CWE-79
First Time		Collaboraoffice collabora Online Collaboraoffice
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4

31 May 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-31 19:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-34088

Mitre link : CVE-2023-34088

CVE.ORG link : CVE-2023-34088

JSON object : View

Products Affected

collaboraoffice

collabora_online

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-34088", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}]}, "published": "2023-05-31T19:15:27.290", "references": [{"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch."}], "lastModified": "2023-06-08T01:43:01.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:collaboraoffice:collabora_online:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD758C01-7062-4D64-8E21-0379AF524D7C", "versionEndExcluding": "6.4.27"}, {"criteria": "cpe:2.3:a:collaboraoffice:collabora_online:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6343E76-C7E4-463B-AE2A-EDA63550C4D1", "versionEndExcluding": "21.11.9.1", "versionStartIncluding": "21.0"}, {"criteria": "cpe:2.3:a:collaboraoffice:collabora_online:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DC6EBB9-CB83-474B-8E86-C780B1A8D6A5", "versionEndExcluding": "22.05.13", "versionStartIncluding": "22.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}