Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS
Stored Cross Site Scripting
I found a stored XSS bug that could allow an attacker to steal user email conversations, contacts in mail.ru and myMail iOS applications (version 12.2.1)
https://medium.com/kminthein/story-of-stealing-mail-conversation-contacts-in-mail-ru-and-mymail-ios-applications-via-xss-1e49c4ed560