Collaboraonline
Products
3- 16 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27791 | Hig | 0.47 | — | 0.00 | Apr 15, 2025 | Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to… | ||
| CVE-2024-37311 | Hig | 0.46 | 8.2 | 0.00 | Aug 23, 2024 | Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is… | ||
| CVE-2026-23623 | Med | 0.34 | 5.3 | 0.00 | Feb 6, 2026 | Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download… | ||
| CVE-2025-24796 | Med | 0.34 | — | 0.00 | Mar 6, 2025 | Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download… | ||
| CVE-2025-66208 | 0.00 | — | 0.01 | Dec 3, 2025 | Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode… | |||
| CVE-2024-45045 | 0.00 | — | 0.00 | Aug 29, 2024 | Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript… | |||
| CVE-2024-29182 | 0.00 | — | 0.00 | Apr 4, 2024 | Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce… | |||
| CVE-2024-25114 | 0.00 | — | 0.00 | Mar 11, 2024 | Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly… | |||
| CVE-2023-49782 | 0.00 | — | 0.00 | Dec 8, 2023 | Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server… | |||
| CVE-2023-49788 | 0.00 | — | 0.01 | Dec 8, 2023 | Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be… | |||
| CVE-2023-48314 | 0.00 | — | 0.00 | Dec 1, 2023 | Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server… | |||
| CVE-2023-34088 | 0.00 | — | 0.00 | May 31, 2023 | Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an… | |||
| CVE-2023-31145 | 0.00 | — | 0.00 | May 15, 2023 | Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform… | |||
| CVE-2021-43817 | 0.00 | — | 0.01 | Dec 13, 2021 | Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and… | |||
| CVE-2021-32745 | 0.00 | — | 0.01 | Jul 21, 2021 | Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the… | |||
| CVE-2021-32744 | 0.00 | — | 0.01 | Jul 21, 2021 | Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the… |
- risk 0.47cvss —epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to…
- risk 0.46cvss 8.2epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is…
- risk 0.34cvss 5.3epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download…
- risk 0.34cvss —epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download…
- CVE-2025-66208Dec 3, 2025risk 0.00cvss —epss 0.01
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode…
- CVE-2024-45045Aug 29, 2024risk 0.00cvss —epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript…
- CVE-2024-29182Apr 4, 2024risk 0.00cvss —epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce…
- CVE-2024-25114Mar 11, 2024risk 0.00cvss —epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly…
- CVE-2023-49782Dec 8, 2023risk 0.00cvss —epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server…
- CVE-2023-49788Dec 8, 2023risk 0.00cvss —epss 0.01
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be…
- CVE-2023-48314Dec 1, 2023risk 0.00cvss —epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server…
- CVE-2023-34088May 31, 2023risk 0.00cvss —epss 0.00
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an…
- CVE-2023-31145May 15, 2023risk 0.00cvss —epss 0.00
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform…
- CVE-2021-43817Dec 13, 2021risk 0.00cvss —epss 0.01
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and…
- CVE-2021-32745Jul 21, 2021risk 0.00cvss —epss 0.01
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the…
- CVE-2021-32744Jul 21, 2021risk 0.00cvss —epss 0.01
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the…