Nishant Das Patnaik

# Exploit Title: Persistent XSS in Rediffmail.com Email Subject Line
# Date: 27th January 2010
# Author: Nishant Das Patnaik
# Software Link: http://mail.rediff.com
# Version: NA
# Tested on: NA
# CVE : NA
# Code : An email sent with HTML tags in the subject line to any Rediff's
Email-Id (" @rediffmail.com ") is executed in the context of the victim on
any browser and any OS platform, the expected typical XSS behavior. A
screenshot has been attached for your further reference. An example subject
line may be <script>alert(document.cookie);</script><iframe src="> http://www.google.co.in"></iframe>

# Reported Vendor on 28th January 2010

# Vendor No Response

# Follow Up Email 2nd February 2010

# Vendor Response with Relevant Contact Details

# Reproduction Details Sent 3rd February 2010

# Vulnerability Fixed 4th February 2010 :)

Screenshot:

Make a Free Website with Yola.