Stripo Inc - HackerOne Reports
Total Reports: 70
Critical: 5
High: 12
Medium: 43
Low: 7
Improper Authorization
Reported by: abdellah29 | Disclosed:
High
Weakness: Improper Authorization
[www.stripo.email] You can bypass the speed limit by changing the IP.
Reported by: what_web | Disclosed:
Medium
Weakness: Information Exposure Through Debug Information
Open memory dump method leaking customer information, secret keys, password, source code & admin accounts
Reported by: secyour-org | Disclosed:
Critical
Weakness: Exposed Dangerous Method or Function
Bypassing Content-Security-Policy leads to open-redirect and iframe xss
Reported by: echidonut | Disclosed:
Medium
Weakness: Open Redirect
Ability to use premium templates as free user via https://stripo.email/templates/?utm_source=viewstripo&utm_medium=referral
Reported by: 20kilograma | Disclosed:
High
Weakness: Business Logic Errors
SSRF via Export Service in ActiveCampaign
Reported by: dotsecurity | Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
Stored XSS in template comments.
Reported by: renekroka | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Tabnabbing in template comments - stripo.email
Reported by: renekroka | Disclosed:
Low
Weakness: Violation of Secure Design Principles
Stored XSS at Module Name
Reported by: 20kilograma | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
SSRF in /cabinet/stripeapi/v1/siteInfoLookup?url=XXX
Reported by: eliel | Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
SSL cookie without secure flag set
Reported by: classifled | Disclosed:
Medium
No length on password
Reported by: prateek_thakare | Disclosed:
Medium
Able to change password by entering wrong old password
Reported by: rutik346 | Disclosed:
Weakness: Cryptographic Issues - Generic
Upload Profile Photo in any folder you want with any extension you want
Reported by: whoisbinit | Disclosed:
Critical
Weakness: Privilege Escalation
No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address
Reported by: whoisbinit | Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
SSRF in Export template to ActiveCampaign
Reported by: c1kada | Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
OLD SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE
Reported by: aishkendle | Disclosed:
Medium
Clickjacking on my.stripo.email for MailChimp credentials
Reported by: jasongardner | Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
Redirection through referer tag
Reported by: b341eb9552f61203c850a10 | Disclosed:
Low
HTTP Request Smuggling on my.stripo.email
Reported by: codeslayer1337 | Disclosed:
High
Page 1 of 4