When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
If they succeed, the first-stage payload that exploits the XSS flaw will automatically be triggered.
After that, the attackers would deploy the second payload capable of harvesting emails.
No manual intervention other than viewing the message in a web web client is required," ESET said.
The attack was spotted on October 11 and fixed on October 16.
ViaBleepingComputer
