Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Macro URL arbitrary script execution
Vulnerability Description
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
LibreOffice 参数注入漏洞
Vulnerability Description
LibreOffice是文档基金会(The Document Foundation,tdf)的一套开源的办公软件套件。该产品包含Writer(文本文档)、Calc(电子表格)和Impress(演示文稿)等应用程序。 The Document Foundation LibreOffice 7.3版本至7.3.6版本、7.4版本至7.4.1版本存在安全漏洞。攻击者利用该漏洞执行任意脚本而不发出警告。
CVSS Information
N/A
Vulnerability Type
N/A