Basecamp: stored XSS in hey.com message content

Hi I found a stored xss using messagecontent parameter when forwarding an email or saving it as draft , and when the victim click on the email to view it, it gets executed . I used this payload as the message content : From: "f" To: [email protected] Message-ID: Subject:...