Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JavaScript Injection via url encoded values in links in Collabora Office Android
Vulnerability Description
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
Web页面编码URIScheme转义处理不恰当
Vulnerability Title
Collabora Online 安全漏洞
Vulnerability Description
Collabora Online是英国Collabora公司的一个应用软件。一个强大的基于 LibreOffice 的在线办公室,支持所有主要的文档、电子表格和演示文件格式。 Collabora Online 24.04.6.2之前版本存在安全漏洞,该漏洞源于在移动(Android/iOS)设备版本中,可以通过文档中的链接注入URL编码的JavaScript值。
CVSS Information
N/A
Vulnerability Type
N/A