XSS Vulnerability in Horde Mime_Viewer Affecting Horde Groupware Webmail Edition
CVE-2022-26874

5.4 MEDIUM

Key Information:

Vendor: Horde

CVE Published: 11 March 2022

What is CVE-2022-26874?

Horde Mime_Viewer versions prior to 2.2.4 are vulnerable to Cross-Site Scripting (XSS) via specially crafted OpenOffice documents. The XSS arises following XSLT rendering of the document and can lead to account takeover in Horde Groupware Webmail Edition. This presents significant security risks for users, as it can enable unauthorized access to sensitive information and escalation of privileges.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
