This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.

Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly

Like starting a car with the hood open, sometimes you need to run your program with certain analysis tools attached to get a full sense of what is going wrong or right. Written by Gabriel Krisman Bertazi, Software Engineer at Collabora.