Impact
In the Android variant of Collabora Office it was possible to inject JavaScript via url encoded values in links contained in documents.
Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high.
Patches
Non-andoid variants are not affected. Users of the Android variant should update to the latest version provided by the appstore.
For more information
If you have any questions or comments about this advisory:
Credits
Thanks to @tehofu for reporting this issue
tehofu Reporter
Impact
In the Android variant of Collabora Office it was possible to inject JavaScript via url encoded values in links contained in documents.
Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high.
Patches
Non-andoid variants are not affected. Users of the Android variant should update to the latest version provided by the appstore.
For more information
If you have any questions or comments about this advisory:
Credits
Thanks to @tehofu for reporting this issue