I am Pentester as well as bug hunter from Bangladesh.
- Geary version: 0.12.2-2
- Installation method: I downloaded from website. source code
- Your desktop: 3.28.2
- Your operating system and version: Kali linux
- Email provider: outlook
Steps to reproduce
- This is a xss on other third party website I can not give you proper code without their permission. Atleast I can tell you is it's stored xss in one of their mail. It's pop up in your app.
This is the source code:-
<strong style="color:#3d3d3d;">Admin:</strong> <span style="color:#002050;">"><img src="x" onerror="prompt(1)"> Cipher/span>
What is the current bug behavior?
It's give me xss pop
What is the expected correct behavior? I tried on thunderbird. it didn't work. I think you should fix this issue.
Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's very hard to read otherwise. If the bug is a crash, please obtain a stack trace and attach it to this bug.)