CVE-2024-29182

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-29182
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29182.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-29182
Aliases
  • GHSA-9gmw-5q2c-4398
Published
2024-04-04T14:48:16.705Z
Modified
2025-11-29T16:48:47.083212Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip
Details

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by a field; if a user hovered over that field to produce a tooltip, the payload could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online (22.04, 21.11, etc.) are unaffected.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29182.json",
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/collaboraonline/online

Affected ranges

Type
GIT
Repo
https://github.com/collaboraonline/online
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.6.0-0
1.6.0-4-CODE
1.6.2-1

co-23.*

co-23.05-branch-point

Other

co-4-2-0-branch-point
collabora-online-1-0-branch-point
collabora-online-1-9-branch-point
collabora-online-2-0-branch-point
collabora-online-2-1-branch-point
collabora-online-3-0-branch-point
collabora-online-4-branch-point
for-code-assets
libreoffice-5-2-branch-point
libreoffice-5-3-branch-point
libreoffice-5-4-branch-point
libreoffice-6-0-branch-point
libreoffice-6-1-branch-point
libreoffice-6-2-branch-point
libreoffice-6-3-branch-point
libreoffice-6-4-branch-point
libreoffice-7-0-branch-point

cp-21.*

cp-21.06.2-0
cp-21.11.0-0
cp-21.11.0-1
cp-21.11.0-2
cp-21.11.0-3
cp-21.11.0-4
cp-21.11.0-5
cp-21.11.0-6
cp-21.11.3-0

cp-22.*

cp-22.05.0-1
cp-22.05.10-1
cp-22.05.3-1
cp-22.05.4-1
cp-22.05.5-1
cp-22.05.5-2
cp-22.05.5-3
cp-22.05.6-1
cp-22.05.7-1
cp-22.05.7-2
cp-22.05.8-1
cp-22.05.8-2

cp-23.*

cp-23.05.0-1
cp-23.05.0-2
cp-23.05.0-3
cp-23.05.0-4
cp-23.05.0-5
cp-23.05.1-1
cp-23.05.2-1
cp-23.05.2-2
cp-23.05.3-1
cp-23.05.4-1
cp-23.05.4-2
cp-23.05.5-1
cp-23.05.5-2
cp-23.05.7-1
cp-23.05.7-2
cp-23.05.7-3
cp-23.05.7-4
cp-23.05.7-5
cp-23.05.8-1
cp-23.05.8-2
cp-23.05.8-3
cp-23.05.8-4
cp-23.05.9-1
cp-23.05.9-2
cp-23.05.9-3
cp-23.05.9-4

helm-collabora-online-1.*

helm-collabora-online-1.0.1
helm-collabora-online-1.0.2
helm-collabora-online-1.1.0
helm-collabora-online-1.1.1
helm-collabora-online-1.1.2
helm-collabora-online-1.1.3
helm-collabora-online-1.1.4
helm-collabora-online-1.1.5
helm-collabora-online-1.1.6
helm-collabora-online-1.1.7
helm-collabora-online-1.1.8
helm-collabora-online-1.1.9

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 12585.0,
            "function_hash": "123725711331292545528890238042699903388"
        },
        "signature_version": "v1",
        "id": "CVE-2024-29182-03a002c0",
        "source": "https://github.com/collaboraonline/online/commit/baa6eeff67b4bf71650b917ed319818e0a22bc65",
        "target": {
            "function": "ChildSession::loKitCallback",
            "file": "kit/ChildSession.cpp"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "316952266872332475521695919215802520802",
                "52823251593393820098598547056623822001",
                "101169483075777190084435824576389057125",
                "20144769585504732963934794505500782257",
                "207330155813765245217610622982892077841",
                "50722812132545840399236107599973511904"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2024-29182-b5e8e073",
        "source": "https://github.com/collaboraonline/online/commit/baa6eeff67b4bf71650b917ed319818e0a22bc65",
        "target": {
            "file": "kit/ChildSession.cpp"
        }
    }
]