XSS Vulnerability in Horde Mime_Viewer Allows Account Takeover
CVE-2022-26874 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
Learn more about our Cis Benchmark Audit For Microsoft Office.