Stripo Inc - HackerOne Reports
Total Reports: 70
Critical: 5
High: 12
Medium: 43
Low: 7
Bypassing Content-Security-Policy leads to open-redirect and iframe xss
Reported by: echidonut | Disclosed: | Severity: Medium | Weakness: Open Redirect
Ability to use premium templates as free user via https://stripo.email/templates/?utm_source=viewstripo&utm_medium=referral
Reported by: 20kilograma | Disclosed: | Severity: High | Weakness: Business Logic Errors
SSRF via Export Service in ActiveCampaign
Reported by: dotsecurity | Disclosed: | Severity: High | Weakness: Server-Side Request Forgery (SSRF)
Stored XSS in template comments.
Reported by: renekroka | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Tabnabbing in template comments - stripo.email
Reported by: renekroka | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
No rate limiting for subscribe email + lead to Cross origin misconfiguration
Reported by: lmhu | Disclosed: | Severity: Medium | Weakness: Business Logic Errors
Email verification bypass
Reported by: theoriginal | Disclosed: | Severity: High | Weakness: Incorrect Authorization
Stored XSS at Module Name
Reported by: 20kilograma | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Bypass of #1047119: Missing Rate Limit while creating Plug-Ins at https://my.stripo.email/cabinet/plugins/
Reported by: savxiety | Disclosed: | Severity: Medium | Weakness: Business Logic Errors
Able to download any hosted content on AWS S3 bucket(stripo)
Reported by: unchained_ | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic
SSRF in /cabinet/stripeapi/v1/siteInfoLookup?url=XXX
Reported by: eliel | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)
SSL cookie without secure flag set
Reported by: classifled | Disclosed: | Severity: Medium
No length on password
Reported by: prateek_thakare | Disclosed: | Severity: Medium
Upload Profile Photo in any folder you want with any extension you want
Reported by: whoisbinit | Disclosed: | Severity: Critical | Weakness: Privilege Escalation
No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address
Reported by: whoisbinit | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)
SSRF in Export template to ActiveCampaign
Reported by: c1kada | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)
Bypass email verification and create email template with the editor
Reported by: aishkendle | Disclosed: | Severity: High
Redirection through referer tag
Reported by: b341eb9552f61203c850a10 | Disclosed: | Severity: Low
subdomain takeover at status0.stripo.email
Reported by: haxorpunk | Disclosed: | Severity: Medium | Weakness: Privilege Escalation
Password token leak via Host header
Reported by: aishkendle | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles