CVE-2024-29182 Stored Cross-Site-Scripting vulnerability via tooltip

High
caolanm published GHSA-9gmw-5q2c-4398 Apr 2, 2024

Package

coolwsd (Collabora Online)

Affected versions

< 23.05.10.1

Patched versions

23.05.10.1

Description

Impact

A stored XSS vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by a field. If a user hovers over that field to produce a tooltip, the payload could be executed by the user's browser.

Patches

Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online (22.04, 21.11, etc.) are unaffected.
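
The version boundaries above, expressed as an inventory check: a plain "less than 23.05.10.1" comparison would wrongly flag the unaffected earlier series. This is an added example, not part of the advisory or Collabora's code; the host names, the sample version strings and the tolerance for a trailing package-revision suffix are assumptions.

```python
import re

# Boundaries taken from the advisory text.
FIRST_PATCHED = (23, 5, 10, 1)  # "Patched versions: 23.05.10.1"
AFFECTED_SERIES = (23, 5)       # earlier series (22.04, 21.11, ...) are unaffected
VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)+)")

# Constructed sample inventory: host names and versions are made up.
SAMPLE_INVENTORY = {
    "docs-01": "23.05.9.4",
    "docs-02": "23.05.10.1-1",  # assumed package-revision suffix, ignored
    "legacy-01": "22.04.18.1",
    "edge-01": "24.04.1.1",
    "lab-01": "unknown build",
}


def parse_version(text):
    """Return the leading dotted-numeric version as a tuple of ints."""
    match = VERSION_RE.match(text)
    if not match:
        raise ValueError(f"not a dotted version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def classify(text):
    """Classify a coolwsd version string against CVE-2024-29182."""
    version = parse_version(text)
    if version[:2] < AFFECTED_SERIES:
        return "unaffected-series"  # numerically lower, but not vulnerable
    if version < FIRST_PATCHED:
        return "affected"
    return "patched"


def audit(inventory):
    """Map host -> status; unparsable versions are marked for manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = "unknown"
    return report


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A truncated version such as `23.05.10` sorts below `23.05.10.1` and is reported as affected, which is the conservative reading.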

Credits

Thanks to David Miller from cyllective AG (https://cyllective.com/) for reporting this flaw.

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2024-29182
