Looks valid to me at first glance... Malicious user could specify crafted email address which then would XSS the admin... Waiting on horizon-coresec to confirm, though.
Looks valid to me at first glance... Malicious user could specify crafted email address which then would XSS the admin... Waiting on horizon-coresec to confirm, though.