RelateIQ: Cross Site Scripting (XSS) -

ID H1:2439
Type hackerone
Reporter quistertow
Modified 2014-08-07T16:09:28


I found a XSS vulnerability in ! 1. Go to and click "Register as a new user" 2. Agree the terms and click Continue. Now choose to connect to MS exchange (Microsoft Exchange Click to connect MS Exchange or Office365) 3.Now enter a random email and click "Connect email" 4. You will receive a error message and 2 new inputs . In the email field put this"><img src=x onerror=alert(document.domain)> and in the "Override Endpoint Address" put a random website ( 5.Now click on "Connect email" and you will see the XSS alert.