CVE-2023-6186


Link targets allow arbitrary script execution

Insufficient macro permission validation in The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. Affected versions support hyperlinks whose targets are macros or similar built-in commands, and activating such a link executes the target without warning the user.



We have discovered 165 live websites that are affected by CVE-2023-6186.





Affected Software

Product  LibreOffice
Category Content Management System
Vulnerable Versions
  • from 7.5 before 7.5.9
  • from 7.6 before 7.6.4
Total Vulnerable Versions  195
Vulnerable Domains  165 live websites (4.89% of LibreOffice install base)



Details

  • Published - Dec 11, 2023
  • Updated - Dec 11, 2023

Credits

  • Thanks to Reginaldo Silva of ubercomp.com for finding and reporting this issue (reporter)




Countries

United States   23 websites
Germany         62 websites
France          14 websites
GB              9 websites
Netherlands     8 websites
Czech Republic  5 websites
Switzerland     4 websites
Austria         3 websites
Cyprus          3 websites
Italy           3 websites

TLDs

.de      44 websites
.com     35 websites
.net     11 websites
.fr      8 websites
.org     8 websites
.eu      8 websites
.nl      5 websites
.cz      5 websites
.org.uk  4 websites
.it      3 websites
