Mixmax - HackerOne Reports

22 total reports: 0 Critical, 5 High, 6 Medium, 7 Low

Improper parsing of input could lead to future XSS vulnerabilities in Sequences
  Reported by: joshualaurencio | Severity: Low | Weakness: Cross-site Scripting (XSS) - Stored

SSRF via webhook
  Reported by: cablej | Weakness: Server-Side Request Forgery (SSRF)

[compose.mixmax.com] Stored XSS on compose.mixmax.com in contact names.
  Reported by: sh3r1 | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored

Privilege escalation - User who does not have access is able to add notes to the contact
  Reported by: syntax-error | Severity: High | Weakness: Privilege Escalation

no string size restriction on team name
  Reported by: michan | Severity: Low | Weakness: Memory Corruption - Generic

[app.mixmax.com] Stored XSS on Adding new enhancement.
  Reported by: sh3r1 | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Blind SSRF due to img tag injection in career form
  Reported by: encrypt | Severity: Low | Weakness: Server-Side Request Forgery (SSRF)

Missing restriction on string size of contact field
  Reported by: mr_r3boot | Severity: Low | Weakness: Violation of Secure Design Principles

CRLF Injection on https://vpn.mixmax.com
  Reported by: sir_morty | Severity: Low | Weakness: CRLF Injection

app.mixmax.com Information Disclosure on cal.mixmax.com and Not Signing out after Removing information grant access from Google
  Reported by: ykw1337 | Severity: Medium

Stored XSS in Templates > Enhance > Social Badges
  Reported by: hackedbrain | Weakness: Cross-site Scripting (XSS) - Stored

Design issue with webhook (several) notifications on mixmax.com
  Reported by: be6bfca755e616cb69c1a51

Stored XSS templates -> 'call for action' feature
  Reported by: r0h17 | Severity: High

Public calendar link can be invisible
  Reported by: faisal2542 | Severity: Low | Weakness: Information Disclosure

Email Leakage in staging environment
  Reported by: 0xspade

Clickjacking on Mixmax.com
  Reported by: mrnull1337 | Severity: High | Weakness: UI Redressing (Clickjacking)

Security Vulnerability - SMTP protection not used
  Reported by: ashishdhaduk | Severity: Low

mailbomb through invite feature on chrome addon
  Reported by: konkakarthik | Severity: Medium | Weakness: Improper Restriction of Authentication Attempts

Attacker can trick others into logging in as themselves
  Reported by: fixit | Severity: Medium

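Two reports in the list above ("SSRF via webhook" and "Blind SSRF due to img tag injection in career form") name the same class of issue: the server fetches a URL the user controls. The page gives no details of either report; the following is an added example of the destination check a practitioner would want in front of any such fetch, not Mixmax's code and not derived from the reports. The hostnames, the offline resolver table and the sample URLs are constructed for the example; the well-known public addresses in the table only stand in for "some address on the public Internet".

```python
# Added example (not Mixmax's code): validate a user-supplied webhook/fetch URL
# so the server never connects to loopback, private, link-local (including the
# cloud metadata address 169.254.169.254), multicast, reserved or unspecified
# addresses. Names, addresses and the offline resolver are constructed.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed resolver table so the example runs offline. 8.8.8.8 and 1.1.1.1
# stand in for ordinary public addresses; the names are made up.
FAKE_DNS = {
    "hooks.example.com": ["8.8.8.8"],
    "internal-name.example.com": ["10.0.0.5"],        # private range
    "dual.example.com": ["1.1.1.1", "127.0.0.1"],     # one answer is loopback
}


def fake_resolve(host):
    """Offline stand-in for DNS: IP literals pass through, names use FAKE_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    if host in FAKE_DNS:
        return list(FAKE_DNS[host])
    raise LookupError(f"cannot resolve {host!r}")


def system_resolve(host):
    """Production resolver: every address getaddrinfo returns for host.

    Use the same resolver the HTTP client uses: getaddrinfo also accepts
    shorthand such as '127.1' or '2130706433', which a hand-written IP regex
    would miss and then let through as a hostname.
    """
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public(addr):
    """True only for addresses outside loopback/private/link-local/etc. ranges."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_webhook_url(url, resolver=fake_resolve):
    """Return (ok, reason); ok is True only if every resolved address is public."""
    try:
        parts = urlsplit(url)
        host = parts.hostname            # lower-cased, brackets stripped for IPv6
    except ValueError as exc:            # e.g. malformed bracketed host
        return False, f"malformed URL: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    if not host:
        return False, "missing host"
    try:
        addrs = resolver(host)
    except (LookupError, OSError) as exc:  # socket.gaierror is an OSError
        return False, f"resolution failed: {exc}"
    for addr in addrs:                    # reject if ANY answer is non-public
        if not is_public(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for sample in ("https://hooks.example.com/deliver",
                   "http://internal-name.example.com/",
                   "http://169.254.169.254/latest/meta-data/",
                   "http://[::ffff:127.0.0.1]/",
                   "file:///etc/passwd"):
        print(sample, "->", validate_webhook_url(sample))
```

Validating the URL once is not enough on its own: the request must go to the address that was validated (pin the resolved IP, or give the HTTP client a resolver that applies the same check), and automatic redirect following must be off, with each hop re-checked, or a public host that 302s to an internal address bypasses the check. The same function applies wherever the server fetches a user-supplied URL on its own behalf, such as an img src in content it renders.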
Page 1 of 2