Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CollaboraOnline — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting CollaboraOnline. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CollaboraOnline serves as an open-source office suite alternative for collaborative document editing, commonly deployed as a self-hosted solution. Historically, it has faced vulnerabilities across multiple classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with 16 CVEs documented to date. While no major public security incidents have been widely reported, the platform's web-based nature and integration with document processing libraries present persistent attack surfaces. Regular security updates and careful configuration remain critical for mitigating risks associated with its complex architecture and third-party dependencies.

Top products by CollaboraOnline: online
CVE IDTitleCVSSSeverityPublished
CVE-2026-23623 Collabora Online vulnerable to Authorization Bypass — onlineCWE-285 5.3 Medium2026-02-05
CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy — onlineCWE-78 8.8AIHighAI2025-12-03
CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write — onlineCWE-23 6.8AIMediumAI2025-04-15
CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled — onlineCWE-829 9.8 -2025-03-06
CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android — onlineCWE-84 6.3 Medium2024-08-29
CVE-2024-37311 Collabora Online's remote host TLS certificates are not fully verified — onlineCWE-295 8.2 High2024-08-23
CVE-2024-29182 Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip — onlineCWE-79 6.1 Medium2024-04-04
CVE-2024-25114 Sensitive Information Disclosure (JailID) to users in Collabora Online — onlineCWE-200 2.6 Low2024-03-11
CVE-2023-49782 Cross-Site-Scripting vulnerability in error message passing in richdocumentscode — onlineCWE-79 7.1 High2023-12-08
CVE-2023-49788 Improper handling of browser-side provided input in richdocuments path handling — onlineCWE-501 7.2 High2023-12-08
CVE-2023-48314 Unescaped passing of the request URL in Collabora Online — onlineCWE-79 7.1 High2023-12-01
CVE-2023-34088 Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface — onlineCWE-79 8.7 High2023-05-31
CVE-2023-31145 Reflected XSS vulnerability in CollaboraOnline — onlineCWE-79 4.3 Medium2023-05-15
CVE-2021-43817 Reflected Cross-Site-Scripting vulnerability in Collabora Online — onlineCWE-79 8.2 High2021-12-13
CVE-2021-32745 Reflected Cross-Site-Scripting vulnerability — onlineCWE-79 7.3 High2021-07-21
CVE-2021-32744 Unauthenticated attacker could gain access to currently open files — onlineCWE-639 9.8 Critical2021-07-21

This page lists every published CVE security advisory associated with CollaboraOnline. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.