Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS

Stored Cross Site Scripting

I found a stored XSS bug that could allow an attacker to steal user email conversations, contacts in mail.ru and myMail iOS applications (version 12.2.1)