Credits

Bug Hunters / Vulnerability Testers:
  • Dominique Climenti - www.kyos.ch
    (XSS injection when displaying message in list. XSS vulnerability when composing new email.)

  • Mike Cardwell - https://emailprivacytester.com/
    (XSS injection when Display Header)