How severe is CVE-2024-45045?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2024-45045?

This is classified as CWE-84, which is a common weakness in software security.

CVE-2024-45045 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2020-7011

MEDIUM

CVSS:6.1(Medium)

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be ...

CWE-842020

CVE-2021-3824

MEDIUM

CVSS:6.1(Medium)

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.

CWE-842021

CVE-2025-25323

MEDIUM

CVSS:5.5(Medium)

An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25324

MEDIUM

CVSS:5.5(Medium)

An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25325

MEDIUM

CVSS:5.5(Medium)

An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25326

MEDIUM

CVSS:5.5(Medium)

An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025