Stored XSS in Microsoft Outlook

kminthein
May 28, 2020

Copied from one of my 2018 blog posts.

I want to share my finding in the Microsoft Outlook iOS application that could affect versions 2.62.0 and below. I’m not a bounty hunter and I really don’t want to become one. When I have free time, I choose random websites or apps. Two months ago, I uploaded a file via Microsoft Outlook using the web-based application with the extension name…

'"><img src=x onerror="alert(window.clientInformation.appVersion);">.jpg

Nothing happened in their core website and I thought, “Wait, what if it is vulnerable to XSS in the iOS app?” Then I opened this message via the iOS app and the result is

I said to myself, “OMG!!” The problem is that they missed standardizing on the iOS side. Yes, they do it properly on outlook.live.com. So this vulnerability becomes a Stored (blind) XSS.
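The root cause described above, a client inserting an attachment file name into markup without escaping it, shown beside the escaped form as an added example (not Outlook's code and not part of the original post). The function names and the HTML template are assumptions made for illustration; the sample file name is the one from this write-up.

```javascript
// Added example: rendering an untrusted attachment file name into HTML.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape for HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable pattern: the file name is concatenated straight into markup,
// so any tags it contains are parsed by the rendering view.
function renderAttachmentUnsafe(name) {
  return '<a class="attachment" title="' + name + '">' + name + "</a>";
}

// Hardened pattern: the name is escaped at output time in every client
// that renders it, not only in the one that accepted the upload.
function renderAttachmentSafe(name) {
  const n = escapeHtml(name);
  return '<a class="attachment" title="' + n + '">' + n + "</a>";
}

// Regression check: does the rendered HTML open any element other than <a>?
function hasInjectedElement(html) {
  const tags = html.match(/<\s*[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((t) => t.replace(/<\s*/, "").toLowerCase() !== "a");
}

// File name taken from the write-up above.
const SAMPLE = `'"><img src=x onerror="alert(window.clientInformation.appVersion);">.jpg`;

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe injects element:", hasInjectedElement(renderAttachmentUnsafe(SAMPLE)));
  console.log("safe injects element:  ", hasInjectedElement(renderAttachmentSafe(SAMPLE)));
  console.log(renderAttachmentSafe(SAMPLE));
}
```

The same check can run as a unit test against each client's rendering path, since a name that is harmless in one renderer may still be parsed as markup in another.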

I reported it to Microsoft MSRC and they placed my name in their security researcher list. Lol, I don’t think of myself as a security researcher.

https://technet.microsoft.com/en-us/security/cc308589.aspx

Thanks to everyone who read this write-up.
