CVE-2024-45045— Collabora Online 安全漏洞

JavaScript Injection via url encoded values in links in Collabora Office Android

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Web页面编码URIScheme转义处理不恰当

Collabora Online 安全漏洞

Collabora Online是英国Collabora公司的一个应用软件。一个强大的基于 LibreOffice 的在线办公室，支持所有主要的文档、电子表格和演示文件格式。 Collabora Online 24.04.6.2之前版本存在安全漏洞，该漏洞源于在移动(Android/iOS)设备版本中，可以通过文档中的链接注入URL编码的JavaScript值。

N/A

N/A