We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | mitre |
Reserved | 2022-03-11 |
Published | 2022-03-11 |
Updated | 2024-10-19 |
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5
https://lists.debian.org/debian-lts-announce/2022/06/msg00007.html ([debian-lts-announce] 20220606 [SECURITY] [DLA 3045-1] php-horde-mime-viewer security update)
https://lists.debian.org/debian-lts-announce/2022/08/msg00021.html ([debian-lts-announce] 20220831 [SECURITY] [DLA 3089-1] php-horde-mime-viewer security update)