XSS Vulnerability in Horde Mime_Viewer Allows Account Takeover

XSS Vulnerability in Horde Mime_Viewer Allows Account Takeover

CVE-2022-26874 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.

Learn more about our Cis Benchmark Audit For Microsoft Office.