XSS via Email Link
Unknown
Vulnerability Details
Hey,
So, we can send emails to a team email address like **[email protected]**. In the email body, if there is a hyperlink pointing to `javascript:alert(0);` or any other `javascript:` URI, then upon viewing the email in your web application with the *original HTML* view and clicking it, it will trigger JavaScript execution, that is, XSS.
Thanks!
Report Stats
- Report ID: 8010
- State: Closed
- Substate: resolved
- Upvotes: 3
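
One way to neutralize the link described in the report before the original HTML view is rendered, as an added example that is not part of the report or the affected application's code. It assumes the anchors have already been extracted by an HTML parser (so attribute entities are decoded); `ALLOWED_SCHEMES`, `safeHref` and `sanitizeAnchors` are hypothetical names, and the sample anchors are constructed.

```javascript
// Added example: scheme allowlist for hyperlinks in rendered email HTML.
// Allowlisting (not blocklisting "javascript:") also covers data:, vbscript:, etc.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]); // assumption

// rawHref: the href attribute value as returned by the HTML parser.
// Returns a normalized absolute URL that is safe to render, or null to drop the link.
function safeHref(rawHref) {
  if (typeof rawHref !== "string") return null;
  let parsed;
  try {
    // WHATWG URL parsing, the same algorithm browsers use: it strips leading
    // and trailing control characters and spaces, removes tabs and newlines,
    // and lowercases the scheme, so the check sees what the browser will see.
    // No base URL is passed, so relative links (which would resolve against
    // the web application's own origin) fail to parse and are rejected.
    parsed = new URL(rawHref);
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// anchors: [{ text, href }] taken from the parsed email body.
// Unsafe links keep their visible text but lose the href.
function sanitizeAnchors(anchors) {
  return anchors.map(({ text, href }) => ({ text, href: safeHref(href) }));
}

// Constructed sample input (not taken from the report).
const SAMPLE_ANCHORS = [
  { text: "docs", href: "https://example.com/a?b=1" },
  { text: "click", href: "javascript:alert(0);" },
  { text: "click", href: " JaVaScRiPt:alert(0)" },
  { text: "click", href: "java\tscript:alert(0)" },
  { text: "mail", href: "mailto:team@example.com" },
  { text: "rel", href: "/settings" },
  { text: "data", href: "data:text/html,<b>x</b>" },
];

console.log(sanitizeAnchors(SAMPLE_ANCHORS));
```

The sanitized output should be re-serialized by the same HTML library that parsed the message, so the rendered markup matches what was checked.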