stored xss in app.lemlist.com

Medium
lemlist
Reported by omarelfarsaoui

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Stored
Hi there, I found a stored XSS in [app.lemlist.com](https://app.lemlist.com/).

## Steps To Reproduce:

1. Go to https://app.lemlist.com/.
1. Create or edit **campaigns**.
1. Visit tab **Buddies-to-Be**.
1. Click **Add one** at the top right.
1. Fill in the input.
1. Add `/><svg src=x onload=confirm(document.domain);>` in **Icebreaker** and **companyName**.
1. Click create.

## POC

{F901411}

## Impact

Stealing cookies

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Weakness

Cross-site Scripting (XSS) - Stored
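
The defence for the weakness class reported above is to encode stored campaign fields at render time. The following is an added example, not code from lemlist or from the reporter: the function names, the row template and the record shape are assumptions, and the sample record reuses the string from the report as constructed test input.

```javascript
// Hypothetical names throughout; the report does not show lemlist's rendering code.
const ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;",
  "'": "&#39;", "/": "&#x2F;", "`": "&#96;", "=": "&#61;",
};

// Encode every character that can end a text node or an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/`=]/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: stored fields are concatenated into markup unchanged,
// both inside an attribute value and as element text.
function renderBuddyUnsafe(buddy) {
  return `<tr><td title="${buddy.companyName}">${buddy.companyName}</td>` +
         `<td>${buddy.icebreaker}</td></tr>`;
}

// Hardened pattern: the same template, with every stored field encoded on output.
function renderBuddySafe(buddy) {
  const company = escapeHtml(buddy.companyName);
  const icebreaker = escapeHtml(buddy.icebreaker);
  return `<tr><td title="${company}">${company}</td><td>${icebreaker}</td></tr>`;
}

// Regression check: the rendered row may contain only the template's own tags.
function containsInjectedTag(html, allowed = ["tr", "td"]) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((t) => !allowed.includes(t.replace(/[<\/]/g, "").toLowerCase()));
}

// Constructed record: the two fields named in the report, holding its test string.
const SAMPLE_BUDDY = {
  companyName: "/><svg src=x onload=confirm(document.domain);>",
  icebreaker: "/><svg src=x onload=confirm(document.domain);>",
};

// Constructed benign record, to confirm legitimate punctuation still displays.
const BENIGN_BUDDY = { companyName: "Acme & Sons", icebreaker: "Loved your talk" };
```

Encoding on output complements, and does not replace, marking the session cookie `HttpOnly`, which limits the cookie-theft impact the report names.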