Reported by NightRanger on 14 Aug 2012 19:55 UTC as Trac ticket #1488613
Send an HTML-formatted email to the victim with the following HTML code: Click Me.
The insert link function doesn't validate the URL properly.
Once the user clicks on the URL, the XSS should be triggered.
In order to trigger this XSS you should insert the payload: "> into your signature:
Settings -> Identities -> Your Identity -> Signature
Now create a new mail; the XSS should be triggered.
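A defensive sketch of the two checks the report above says are missing, added here as an example and not taken from Roundcube or its fix: link targets are accepted only when their parsed scheme is on an allowlist, and both link text and signature text are HTML-escaped before being placed in the compose body. The function names, the allowlist and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not Roundcube code). All names here are hypothetical.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']); // assumed allowlist

// Escape text for use in HTML element content or a double-quoted attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Return the normalised absolute URL if its scheme is allowlisted, else null.
// The WHATWG URL parser applies the same normalisation a browser does (case
// folding, removal of tabs/newlines and leading control characters), so the
// scheme checked here is the scheme the browser would act on.
function safeLinkHref(input) {
  if (typeof input !== 'string') return null;
  let url;
  try {
    url = new URL(input); // throws on relative or unparsable input
  } catch (e) {
    return null;
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Build the anchor an "insert link" dialog would emit. The href is escaped
// even after validation, because a valid URL may still contain a quote.
function buildAnchor(href, text) {
  const safe = safeLinkHref(href);
  const label = escapeHtml(text);
  if (safe === null) return label; // drop the link, keep the visible text
  return '<a href="' + escapeHtml(safe) + '" rel="noopener noreferrer">' + label + '</a>';
}

// Convert a plain-text signature to HTML for an HTML compose body.
function signatureToHtml(signature) {
  return escapeHtml(signature).replace(/\r?\n/g, '<br>');
}

// Constructed sample inputs, not the payloads from the report.
console.log(buildAnchor(' JaVa\tScRiPt:alert(1)', 'Click Me'));
console.log(signatureToHtml('"><b>x</b>\nJohn'));
```

Escaping on output is what keeps the markup intact; the scheme allowlist only decides whether a link is emitted at all.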
Comment by @alecpl on 15 Aug 2012 08:13 UTC
Milestone changed by @alecpl on 15 Aug 2012 08:13 UTC
later => 0.8.1
Comment by @alecpl on 15 Aug 2012 09:24 UTC
Status changed by @alecpl on 15 Aug 2012 09:24 UTC
new => closed