XVIDEOS: Stored XSS via SMTP Error Message
A Stored Cross-Site Scripting XSS vulnerability was identified on the /account/email page for www.xvideos.com. The vulnerability arose from the improper handling of SMTP error messages, which were passed into the html method without proper sanitization, allowing an attacker to store and execute...