CVE-2022-26874

More information about this CVE will likely be available in a few days.

Description

lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.

Related CPE's

Could not find any relations

References

https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5

https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io