CVE-2025-64402 Apache OpenOffice: Remote documents loaded without prompt via OLE objects

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

CVE-2023-47804

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

PT-2022-18118 · Apache +1 · Openoffice +2

Name of the Vulnerable Software and Affected Versions: Horde Mime Viewer versions prior to 2.2.4 Description: The issue allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. Recommendations: For versions prior to...

Horde Groupware Webmail 跨站脚本漏洞

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A security vulnerability exists in the lib/Horde/Mime/Viewer/Ooo.php file in Horde Groupware Webmail. The vulnerability stems from the fact that the file allows cross-site scripting attacks utilizin...

Horde Webmail 5.2.22 - Account Takeover via Email

Horde Webmail is a free, enterprise-ready, and browser-based communication suite developed by the Horde project. It is a popular webmail solution for universities and government agencies to exchange sensitive email messages on a daily basis. It is also shipped as part of the popular hosting...