VYPR
Vendor

Collaboraonline

Products
3
CVEs
16
Across products
20
Status
Private

Products

3

Recent CVEs

16
  • CVE-2025-27791HigApr 15, 2025
    risk 0.47cvss epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to…

  • CVE-2024-37311HigAug 23, 2024
    risk 0.46cvss 8.2epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is…

  • CVE-2026-23623MedFeb 6, 2026
    risk 0.34cvss 5.3epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download…

  • CVE-2025-24796MedMar 6, 2025
    risk 0.34cvss epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download…

  • CVE-2025-66208Dec 3, 2025
    risk 0.00cvss epss 0.01

    Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode…

  • CVE-2024-45045Aug 29, 2024
    risk 0.00cvss epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript…

  • CVE-2024-29182Apr 4, 2024
    risk 0.00cvss epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce…

  • CVE-2024-25114Mar 11, 2024
    risk 0.00cvss epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly…

  • CVE-2023-49782Dec 8, 2023
    risk 0.00cvss epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server…

  • CVE-2023-49788Dec 8, 2023
    risk 0.00cvss epss 0.01

    Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be…

  • CVE-2023-48314Dec 1, 2023
    risk 0.00cvss epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server…

  • CVE-2023-34088May 31, 2023
    risk 0.00cvss epss 0.00

    Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an…

  • CVE-2023-31145May 15, 2023
    risk 0.00cvss epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform…

  • CVE-2021-43817Dec 13, 2021
    risk 0.00cvss epss 0.01

    Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and…

  • CVE-2021-32745Jul 21, 2021
    risk 0.00cvss epss 0.01

    Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the…

  • CVE-2021-32744Jul 21, 2021
    risk 0.00cvss epss 0.01

    Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the…