[announce] [SECURITY] XSS vulnerability in Horde_Mime_Viewer_Ooo
Jan Schneider
jan at horde.org
Tue Mar 1 21:19:52 UTC 2022
The Horde Team is pleased to announce the final release of the
Horde_Mime_Viewer library version 2.2.3.

Horde_Mime_Viewer is a library that provides rendering drivers for MIME data.

An XSS vulnerability in the Open Document viewer has been reported by
Simon Scannell from SonarSource. You can find the full report and
mitigation measures at
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email

Thanks to Simon Scannell for reporting this issue and for the detailed
report, and apologies for not releasing a fix within the disclosure
embargo.

For upgrading instructions, please see
http://www.horde.org/apps/horde/docs/UPGRADING

The Horde Team.
--
Jan Schneider
The Horde Project
https://www.horde.org/