{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29182", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-18T17:07:00.092Z", "datePublished": "2024-04-04T14:48:16.705Z", "dateUpdated": "2024-08-02T01:10:54.093Z"}, "containers": {"cna": {"title": "Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398"}], "affected": [{"vendor": "CollaboraOnline", "product": "online", "versions": [{"version": ">= 23, < 23.05.10.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T14:48:16.705Z"}, "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected."}], "source": {"advisory": "GHSA-9gmw-5q2c-4398", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29182", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-05T13:05:10.741135Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:57:56.571Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.093Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398", "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.093Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29182", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-05T13:05:10.741135Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:22.155Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip", "source": {"advisory": "GHSA-9gmw-5q2c-4398", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "CollaboraOnline", "product": "online", "versions": [{"status": "affected", "version": ">= 23, < 23.05.10.1"}]}], "references": [{"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398", "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T14:48:16.705Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29182", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:10:54.093Z", "dateReserved": "2024-03-18T17:07:00.092Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-04T14:48:16.705Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected."}, {"lang": "es", "value": "Collabora Online es una suite ofim\u00e1tica colaborativa en l\u00ednea basada en LibreOffice. Se encontr\u00f3 una vulnerabilidad de Cross-Site Scripting almacenada en Collabora Online. Un atacante podr\u00eda crear un documento con un payload XSS en el texto del documento al que se hace referencia por campo que, si se pasa por encima para generar informaci\u00f3n sobre herramientas, podr\u00eda ser ejecutado por el navegador del usuario. Los usuarios deben actualizar a Collabora Online 23.05.10.1 o superior. Las series anteriores de Collabora Online, 22.04, 21.11, etc. no se ven afectadas."}], "id": "CVE-2024-29182", "lastModified": "2024-04-04T16:33:06.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-04T15:15:38.847", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-9gmw-5q2c-4398"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}