An unusual XSS vulnerability in the Horde webmailer. The vulnerability allows an attacker to craft a malicious OpenOffice document that, when previewed as an email attachment, enables an attacker to steal all emails from the victim. Since there is no official patch available yet, we highly recommend to disable the affected feature #vuln #informatique

https://blog.sonarsource.com/horde-webmail-account-takeover-via-email