XSS ZeroDay in Horde Webmail
A zero-day cross-site scripting (XSS) vulnerability in Horde webmail client could allow an attacker to steal a victim’s emails and infiltrate their network, researchers warn.
Researchers revealed that the client is vulnerable to a stored XSS vulnerability that is yet to be patched. The stored XSS is triggered by the process of rendering an OpenOffice file into a viewable format.
An OpenOffice document is a ZIP file containing XML documents and other files. When Horde is asked to convert an OpenOffice document to HTML to be previewed, it uses XSLT. The converted document is returned to the user without any sanitization.
The security flaw can give an attacker access to all information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization.
This was reported to Horde project in August 2021 but due to no response, vulnerability made public Users will still be able to download the OpenOffice documents and view them locally, but Horde won’t attempt to render it in the browser.