Stripo Inc - HackerOne Reports
Total Reports: 70
Critical: 5
High: 12
Medium: 43
Low: 7
Unrestricted File Upload on https://my.stripo.email and https://stripo.email
Reported by: doctor_spooky
Disclosed:
Medium
Weakness: Unrestricted Upload of File with Dangerous Type
Stored XSS in the banner block description
Reported by: solov9ev
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Insecure Storage and Overly Permissive API Keys
Reported by: dc61703fdbcd3f8331d3dc24078c01
Disclosed:
Medium
Weakness: Missing Encryption of Sensitive Data
SSRF & unrestricted file upload on https://my.stripo.email/
Reported by: abdellah29
Disclosed:
Critical
Weakness: Server-Side Request Forgery (SSRF)
Public and secret api key leaked in JavaScript source
Reported by: lmhu
Disclosed:
Medium
Weakness: Cleartext Storage of Sensitive Information
Non-revoked API Key Information disclosure via Stripo_report()
Reported by: deb0con
Disclosed:
Medium
Weakness: Cleartext Storage of Sensitive Information
Stored XSS at "Conditions " through "My Custom Rule" Field at [https://my.stripo.email/cabinet/#/template-editor/] in Template Editor.
Reported by: xploiterr
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
my.stripo.emai email verification bypassed and also create email templates
Reported by: h51ic0pt5r
Disclosed:
Medium
Weakness: Reliance on Untrusted Inputs in a Security Decision
csrf bypass using flash file + 307 redirect method at plugins endpoint
Reported by: qotoz
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
CSRF - Modify Project Settings
Reported by: ahmd_halabi
Disclosed:
Critical
Weakness: Cross-Site Request Forgery (CSRF)