XSS Vulnerability in Horde Mime_Viewer Affecting Horde Groupware Webmail Edition
CVE-2022-26874
5.4MEDIUM
What is CVE-2022-26874?
The vulnerability in Horde Mime_Viewer prior to version 2.2.4 allows attackers to exploit Cross-Site Scripting (XSS) via specially crafted OpenOffice documents. This XSS attack can lead to potential account takeover in Horde Groupware Webmail Edition, particularly following XSLT rendering processes. This presents significant security risks for users, as it can enable unauthorized access to sensitive information and escalate privileges.
