lemlist - HackerOne Reports
View on HackerOne11
Total Reports
0
Critical
3
High
4
Medium
3
Low
stored xss via Campaign Name.
Reported by:
omarelfarsaoui
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Stored XSS in app.lemlist.com
Reported by:
solov9ev
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Unrestricted File Upload on https://app.lemlist.com
Reported by:
ctulhu
|
Disclosed:
Medium
Weakness: Unrestricted Upload of File with Dangerous Type
stored xss in app.lemlist.com
Reported by:
omarelfarsaoui
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Stored XSS at [ █████ ] in " LINKEDIN URL" Field.
Reported by:
xploiterr
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Clickjacking at app.lemlist.com
Reported by:
scriptsavvy
|
Disclosed:
High
Weakness: UI Redressing (Clickjacking)
app.lemlist.com : Admin Panel Access
Reported by:
omarelfarsaoui
|
Disclosed:
Weakness: Improper Access Control - Generic
SSRF in img.lemlist.com that leads to Localhost Port Scanning
Reported by:
arsene_lupin
|
Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
[app.lemlist.com] Improper handling of payment lead to bypass payment
Reported by:
omarelfarsaoui
|
Disclosed:
High
Weakness: Business Logic Errors
CVE-2019-19935 - DOM based XSS in the froala editor
Reported by:
chackal
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - DOM
Security misconfiguration
Reported by:
mr23r0
|
Disclosed:
High
Weakness: Misconfiguration