CVE-2023-49782 Cross-Site-Scripting vulnerability in richdocuments error message handling

High
caolanm published GHSA-8xm5-pgfr-8mjr Dec 8, 2023

Package

richdocumentscode (richdocumentscode)

Affected versions

< 23.5.601

Patched versions

23.5.601

Description

Impact

Users of Nextcloud with the Collabora Online - Built-in CODE Server app installed can be vulnerable to attack via proxy.php.

Patches

The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601.

Workarounds

None, except removing the Collabora Online - Built-in CODE Server (richdocumentscode) app or using a standalone dedicated Collabora Online server.

Credits

Thanks to @Ry0taK for discovering and reporting this vulnerability.

Severity

High

CVE ID

CVE-2023-49782

Weaknesses

No CWEs
