The outlook web app service is a mail service provided by Microsoft. A researcher named Max discovered a Copy and Paste XSS vulnerability in the web service in 2021.
However, I was able to bypass that patch using the <template> tag. Yea this was a simple Sanitizer bypass where I could inject an <iframe>, <script> tag.
- 2022-03-15 15h 00m : Reported this issue via the msrc
- 2022-03-15 01h 37m : Status changed to New
- 2022-03-17 06h 27m : Status changed from New to Review / Repro
- 2022-04-09 08h 33m : Status changed from Review / Repro to Develop
- 2022-04-26 02h 26m : Status changed from Develop to Pre-Release
- 2022-05-21 07h 02m : Status changed from Pre-Release to Complete