Collabora Online vulnerabilities
7 known vulnerabilities affecting collabora/online.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2025-66208P2CRITICALCVSS 9.8fixed in 25.04.7022025-12-03
CVE-2025-66208 [CRITICAL] CWE-78 CVE-2025-66208: Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of t
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server ap
nvd
CVE-2021-32744P3HIGHCVSS 7.5fixed in 4.2.17-1≥ 6.4.0, < 6.4.9-52021-07-21
CVE-2021-32744 [HIGH] CWE-639 CVE-2021-32744: Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this f
nvd
CVE-2024-45045P4MEDIUMCVSS 6.1fixed in 24.04.6.22024-08-29
CVE-2024-45045 [MEDIUM] CWE-84 CVE-2024-45045: Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobi
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app co
nvd
CVE-2024-25114P4MEDIUMCVSS 5.3fixed in 21.11.9.4≥ 22.05.0, < 22.05.22+1 more2024-03-11
CVE-2024-25114 [MEDIUM] CWE-200 CVE-2024-25114: Collabora Online is a collaborative online office suite based on LibreOffice technology. Each docume
Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions
nvd
CVE-2021-43817P4MEDIUMCVSS 6.1fixed in 4.2.20≥ 6.4.0, < 6.4.162021-12-13
CVE-2021-43817 [MEDIUM] CWE-79 CVE-2021-43817: Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This woul
nvd
CVE-2023-31145P4MEDIUMCVSS 6.1fixed in 6.4.27≥ 21.06.2, < 21.11.9+1 more2023-05-15
CVE-2023-31145 [MEDIUM] CWE-79 CVE-2023-31145: Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulner
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account takeover attack. The vulnerability allows attackers to
nvd
CVE-2021-32745P4MEDIUMCVSS 6.1fixed in 6.4.9-52021-07-21
CVE-2021-32745 [MEDIUM] CWE-79 CVE-2021-32745: Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set
nvd