Stored XSS in app.lemlist.com

Disclosed: 2020-07-21 14:08:47 By omarelfarsaoui To lemlist
Medium
Vulnerability Details
Hi there, I found a stored XSS in [app.lemlist.com](https://app.lemlist.com/).

## Steps To Reproduce:

1. Go to https://app.lemlist.com/.
2. Create or edit **campaigns**.
3. Visit the tab **Buddies-to-Be**.
4. Click **Add one** at the top right.
5. Fill in the input.
6. Add `/><svg src=x onload=confirm(document.domain);>` in **Icebreaker** and **companyName**.
7. Click create.

## POC

{F901411}

## Impact

Stealing cookies
Report Stats
  • Report ID: 919859
  • State: Closed
  • Substate: resolved
  • Upvotes: 25
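
The fix for this class of bug is to encode stored field values when they are written into HTML. The following is an added example, not part of the original report and not lemlist's code: the render functions, the markup, and the place where **companyName** and **Icebreaker** land in the page are assumptions, and the sample record is constructed around the string quoted in the report.

```javascript
// String quoted in the report's reproduction steps.
const PAYLOAD = '/><svg src=x onload=confirm(document.domain);>';

// Constructed sample record, as stored after the "Add one" form is submitted.
const buddy = { email: 'jane@example.com', companyName: PAYLOAD, icebreaker: PAYLOAD };

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form (hypothetical template): stored values are concatenated unchanged.
// Assumption: one field sits in an unquoted attribute, the other in a table cell.
function renderRowUnsafe(b) {
  return `<tr><td><input name=companyName value=${b.companyName}></td>` +
         `<td>${b.icebreaker}</td></tr>`;
}

// Hardened form: quote the attribute and encode every stored value at output time.
function renderRowSafe(b) {
  return `<tr><td><input name="companyName" value="${escapeHtml(b.companyName)}"></td>` +
         `<td>${escapeHtml(b.icebreaker)}</td></tr>`;
}

// Names of all elements that open in a rendered fragment.
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Regression check: true when the output contains an element the template never emits.
function introducesMarkup(html) {
  const allowed = new Set(['tr', 'td', 'input']);
  return tagNames(html).some((name) => !allowed.has(name));
}

console.log('unsafe render adds elements:', introducesMarkup(renderRowUnsafe(buddy)));
console.log('safe render adds elements:  ', introducesMarkup(renderRowSafe(buddy)));
```

Setting the `HttpOnly` attribute on session cookies additionally keeps them out of reach of page scripts, which limits the impact stated in the report if an encoding gap is missed.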