Situation
Cross Site Scripting Vulnerability in Horde Webmail discovered in the Horde webmail.
Impact
A code vulnerability in Horde that allows an attacker to gain full access to the email account when it loads the preview of an OpenOffice document from an email attachment.
Call to Action
The vulnerability has no official patch, yet, from the Horde vendor. So you may either apply a workaround or switch webmail to Roundcube ( How to switch the webmail for a subscription?)
Note: Thus, the vulnerable feature will not be used, and the Horde instance will be protected against exploitation of this vulnerability.