CVE-2023-2255: Remote documents loaded without prompt via IFrame

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-2255

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Remote documents loaded without prompt via IFrame

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

权限、特权和访问控制

Source: NVD (National Vulnerability Database)

Vulnerability Title

LibreOffice 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

LibreOffice是文档基金会（The Document Foundation，tdf）的一套开源的办公软件套件。该产品包含Writer（文本文档）、Calc（电子表格）和Impress（演示文稿）等应用程序。 Document Foundation LibreOffice 7.4 7及之前的版本、7.5.3 及之前版本存在安全漏洞，该漏洞源于编辑器组件中访问控制不当，允许攻击者制作一个文档，该文档会导致在没有提示的情况下加载外部链接。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
The Document Foundation	LibreOffice	7.4 ~ 7.4.7	-

II. Public POCs for CVE-2023-2255

#	POC Description	Source Link	Shenlong Link
1	CVE-2023-2255 Libre Office	https://github.com/elweth-sec/CVE-2023-2255	POC Details
2	exploit from CVE-2023-2255	https://github.com/Mathieuleto/CVE-2023-2255	POC Details
3	None	https://github.com/SaintMichae64/CVE-2023-2255	POC Details
4	CVE-2023-2255 for LPE	https://github.com/G4sp4rCS/CVE-2023-2255	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-2255

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: LibreOffice

Same vendor: The Document Foundation

Same weakness: CWE-264

V. Comments for CVE-2023-2255

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2023-2255

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-2255

III. Intelligence Information for CVE-2023-2255

IV. Related Vulnerabilities

V. Comments for CVE-2023-2255

Leave a comment