eml-parsing

1 article
sort: new top best
clear filter
bug-bounty545 xss278 rce184 google160 exploit129 facebook126 malware126 microsoft125 bragging-post120 account-takeover110 cve103 open-source91 privilege-escalation88 csrf82 authentication-bypass75 stored-xss72 phishing71 access-control65 ai-agents63 reflected-xss61 apple56 input-validation53 web-security53 reverse-engineering50 ssrf49 writeup49 sql-injection49 cross-site-scripting48 dos48 browser47 supply-chain47 tool46 smart-contract46 defi45 ethereum45 privacy44 web-application43 web341 cloudflare40 information-disclosure39 llm37 responsible-disclosure37 opinion35 api-security35 burp-suite35 vulnerability-disclosure34 idor34 lfi34 automation34 race-condition33
0 6/10
Stored XSS in the heart of the russian email provider
bug-bounty

A stored XSS vulnerability was discovered in Mail.ru's .eml file parsing functionality, where the subject field from uploaded email files was reflected without sanitization, allowing attackers to inject JavaScript that executes when victims open the malicious message. The vulnerability could be weaponized as an XSS worm to steal session cookies and act on behalf of logged-in users.

stored-xss cross-site-scripting email-client file-upload eml-parsing input-validation session-theft worm-vector mail.ru responsible-disclosure
Mail.ru Seif Elsallamy Seekurity HackerOne CVE-2017-5244
seekurity.com · devanshbatham/Awesome-Bugbounty-Writeups · 14 hours ago · details