Microsoft has patched a major vulnerability in the recent Microsoft outlook for Android. The vulnerability practically opens the door for cross-site scripting (XSS) attacks. The CVE-2019-1105 is termed as important by the Microsoft, the spoofing vulnerability that existing in the outlook allows the android software parses the specifically crafted email messages. According to the Thursday advisory issued by the Microsoft, an authenticated attacker could exploit the vulnerability by sending the specifically crafted messages to the victims. The attacker who has successfully exploited the vulnerability could then perform cross-site scripting attacks that result in systems getting affected while the run scripts in the security context of the current user.