
Mahdi Pasche

Researcher from b1-systems.de
#47175 of 53,632
5.4 Total CVSS
Vulnerabilities · 1
PT-2022-18118
5.4
2022-03-11
Apache · Openoffice · CVE-2022-26874
**Name of the Vulnerable Software and Affected Versions** Horde Mime Viewer versions prior to 2.2.4

**Description** The issue allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.

**Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider disabling the rendering of OpenOffice documents in `lib/Horde/Mime/Viewer/Ooo.php` until a patch is available. Restrict access to the `lib/Horde/Mime/Viewer/Ooo.php` file to minimize the risk of exploitation.