Steps to reproduce:
- Use any fake mailer, or use any open relay SMTP server that trigger the phishing alert.
- Send an email to the victim GMail address with the From field:
<img src=# onerror=alert(document.cookie)>.
- Choose UTF-8 as encoding.
- Open your Gmail in the basic HTML layout.
- Open the received email. BOOM!
Vulnerability status: FIXED !