Persistent Cross-Site scripting in E-mail Tab

Description

Hi,
during an evaluation for one of our clients we found that JavaScript that is entered into the subject line of an E-mail will be executed when viewing the Message in the "E-mails" Tab. The Subject in this case was "<script>alert(1)</script>" (see attached screenshots).

Environment

None

Preliminary Test Cases

None

Assignee

Tibor Hegyi

Reporter

Peter Babel

Labels

None

Access to limited visibility issues

None

Product platform

None

Module Dependency

None

Components

Fix versions

Affects versions

Priority

Major