We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-26874



Assignermitre
Reserved2022-03-11
Published2022-03-11
Updated2024-10-19

Description

lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.

References

https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/

https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5

https://lists.debian.org/debian-lts-announce/2022/06/msg00007.html ([debian-lts-announce] 20220606 [SECURITY] [DLA 3045-1] php-horde-mime-viewer security update) mailing-list

https://lists.debian.org/debian-lts-announce/2022/08/msg00021.html ([debian-lts-announce] 20220831 [SECURITY] [DLA 3089-1] php-horde-mime-viewer security update) mailing-list

cve.org CVE-2022-26874

nvd.nist.gov CVE-2022-26874

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.