Stored XSS via Campaign Name
Medium
lemlist
Reported by
omarelfarsaoui
Vulnerability Details
Technical details and impact analysis
## Summary:
Hi,
I found a stored XSS on https://app.lemlist.com
## Steps To Reproduce:
1. Go to https://app.lemlist.com/.
2. Create or edit campaigns.
3. Set the payload `/><svg src=x onload=confirm(document.domain);>` in the **Campaign Name**.
4. Visit the Buddies-to-Be tab.
5. Click Add one at the top right, or click on one of the entries in the **Contact** list.
6. You will see a pop-up.
## PoC
{F907302}
## Impact
Stealing cookies
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Stored
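
The report shows a stored campaign name being rendered as markup in another view. The sketch below is an added example, not code from the report or from lemlist: it contrasts concatenating the stored name into HTML with encoding it at output time. The function names, the `<li>` markup and the regex-based check are assumptions made for illustration; the report does not disclose the application's rendering code.

```javascript
// Added example: hypothetical rendering code, not lemlist's implementation.
// Constructed sample: the Campaign Name value from step 3 of the report.
const campaignName = '/><svg src=x onload=confirm(document.domain);>';

// Characters that are significant in HTML text and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for insertion into an HTML text node or quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged,
// so any tag it contains becomes part of the page for every viewer.
function renderCampaignUnsafe(name) {
  return '<li class="campaign">' + name + '</li>';
}

// Hardened pattern: encode at output time, in the view that displays the name.
// In browser code, assigning to element.textContent gives the same result.
function renderCampaignSafe(name) {
  return '<li class="campaign">' + escapeHtml(name) + '</li>';
}

// Rough regression check (not an HTML parser): list opening tags in the
// fragment other than the <li> the template itself emits.
function injectedTags(html) {
  const tags = html.match(/<\s*[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.map((t) => t.replace(/<\s*/, '').toLowerCase()).filter((t) => t !== 'li');
}

console.log('unsafe:', renderCampaignUnsafe(campaignName), injectedTags(renderCampaignUnsafe(campaignName)));
console.log('safe:  ', renderCampaignSafe(campaignName), injectedTags(renderCampaignSafe(campaignName)));
```

Because the name is stored once and displayed in several views (the report triggers it from the Buddies-to-Be tab, not the campaign editor), the encoding has to be applied in every view that outputs it.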