Home > Vulnerability Database > CVE-2024-45045

Mend.io Vulnerability Database

CVE-2024-45045

Good to know:

Date: August 29, 2024

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.

Language: JS

Severity Score

6.3

Related Resources (3)

Url: https://github.com/CollaboraOnline/online/security/advisories/GHSA-78cg-rg4q-26qv

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45045

Url: https://www.mend.io/vulnerability-database/CVE-2024-45045

Severity Score

6.3

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Improper Neutralization of Encoded URI Schemes in a Web Page

CWE-84

Top Fix

Upgrade Version

Upgrade to version cp-24.04.6-2

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45045

Good to know:

Date: August 29, 2024

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?