Discovered by Bui Quang Minh
Most popular mail clients now strip script code from mail content. This is meant to prevent XSS exploitation (for example, cookie theft).
IncrediMail also removes script code when the user reads a mail. However, I found that the "Reply" and "Forward" functions of the mail client do not handle the mail content properly, resulting in an XSS vulnerability.
Of course, this exposes users to a lot of risk, such as loss of sensitive information, cookies, ...
I reported it to the manufacturer!
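As an added illustration (not IncrediMail's code, which is not public), the following Python sanitizer shows the defensive pattern this finding calls for: the same removal of script elements, event-handler attributes and script URLs must run when the quoted body for a reply or forward is built, not only when the message is displayed. The `MailSanitizer` class, `sanitize_html` and `build_reply_body` are hypothetical names chosen for this example.

```python
from html.parser import HTMLParser
import html

# Elements whose content must never reach the reader view or the reply/forward editor.
DROPPED_TAGS = {"script", "style", "iframe", "object", "embed"}
# URL schemes that execute code when placed in href/src.
UNSAFE_URL_SCHEMES = ("javascript:", "vbscript:", "data:")


class MailSanitizer(HTMLParser):
    """Rebuilds the HTML, keeping only tags and attributes that cannot run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROPPED_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            if name.startswith("on"):  # event handlers: onload, onerror, ...
                continue
            if name in ("href", "src") and value and value.strip().lower().startswith(UNSAFE_URL_SCHEMES):
                continue
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROPPED_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))  # re-escape text content


def sanitize_html(body):
    parser = MailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


def build_reply_body(original_html, prefix="On ... wrote:"):
    # The quoted original is sanitized here too, independently of the reader view.
    return f"<p>{html.escape(prefix)}</p><blockquote>{sanitize_html(original_html)}</blockquote>"
```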