Stored-XSS vulnerability leads to remote code execution #5397
There is no X-Content-Type-Options: nosniff header when viewing a raw file.
Save it to an .eml file, and open it in IE11.
Add the X-Content-Type-Options: nosniff header to prevent the browser from MIME type sniffing, just as GitHub / GitLab would do.
Wenxu Wu of Tencent's Xuanwu Lab
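One way to apply and verify the fix requested in the issue above, shown as an added example that is not part of the original report or the project's own code. It assumes a WSGI-style raw-file endpoint; `raw_file_app`, `nosniff_middleware`, `fetch_headers`, `missing_nosniff` and the sample path are hypothetical names.

```python
# Added example: WSGI middleware that sets X-Content-Type-Options: nosniff on
# every response, plus an in-process audit helper. All names are hypothetical.
NOSNIFF = ("X-Content-Type-Options", "nosniff")

def raw_file_app(environ, start_response):
    """Constructed stand-in for a raw-file endpoint: serves user-controlled
    bytes as text/plain and, as in the report, sends no nosniff header."""
    body = b"user-controlled file content (constructed sample)"
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]

def nosniff_middleware(app):
    """Wrap a WSGI app so browsers must honour the declared Content-Type."""
    def wrapped(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Drop any existing (possibly wrong-valued) copy, then add ours.
            headers = [(k, v) for k, v in headers
                       if k.lower() != NOSNIFF[0].lower()]
            headers.append(NOSNIFF)
            return start_response(status, headers, exc_info)
        return app(environ, patched_start)
    return wrapped

def fetch_headers(app, path="/raw/sample.eml"):
    """Call a WSGI app in-process (no network); return (status, headers)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = {k.lower(): v for k, v in headers}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "SERVER_NAME": "localhost", "SERVER_PORT": "80",
               "wsgi.url_scheme": "http"}
    b"".join(app(environ, start_response))  # consume the body
    return captured["status"], captured["headers"]

def missing_nosniff(app, path="/raw/sample.eml"):
    """True if the response leaves the browser free to sniff the MIME type."""
    _, headers = fetch_headers(app, path)
    value = headers.get("x-content-type-options", "")
    return value.strip().lower() != "nosniff"

if __name__ == "__main__":
    print("unprotected endpoint flagged:", missing_nosniff(raw_file_app))
    print("wrapped endpoint flagged:   ",
          missing_nosniff(nosniff_middleware(raw_file_app)))
```

The `missing_nosniff` check can be run against each raw or attachment route in a regression test so the header cannot silently disappear.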