Cobra Forum

Plesk Panel => Others => Topic started by: Administrator on Dec 29, 2022, 08:50 AM

Title: Cross Site Scripting Vulnerability in Horde Webmail
Post by: Administrator on Dec 29, 2022, 08:50 AM
Situation
A Cross Site Scripting vulnerability has been discovered in the Horde webmail.
Impact
A code vulnerability in Horde allows an attacker to gain full access to the email account when the preview of an OpenOffice document from an email attachment is loaded.
Call to Action
The vulnerability has no official patch yet from the Horde vendor, so you may either apply a workaround or switch webmail to Roundcube (How to switch the webmail for a subscription?).

Warning: The patch disables rendering of OpenOffice documents by Horde.
Users will still be able to download OpenOffice documents and view them locally, but Horde won't attempt to render them in the browser.


Note: Thus, the vulnerable feature will not be used, and the Horde instance will be protected against exploitation of this vulnerability.