Stored XSS via Campaign Name.
Medium
Vulnerability Details
## Summary:
Hi,
I found a stored XSS on https://app.lemlist.com
## Steps To Reproduce:
1. Go to https://app.lemlist.com/.
2. Create or edit a campaign.
3. Set the payload `/><svg src=x onload=confirm(document.domain);>` in the **Campaign Name**.
4. Visit the Buddies-to-Be tab.
5. Click Add one at the top right, or click on one of the entries in the **Contact** list.
6. You will see a pop-up.
## PoC
{F907302}
## Impact
Stealing cookies
Report Stats
- Report ID: 923679
- State: Closed
- Substate: resolved
- Upvotes: 11
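
The fix for this class of bug is output encoding at the point where the stored campaign name is written into the page. The following is an added example, not code from the report or from lemlist: the function names, the `<span>` template and the sink are assumptions, and the sample input is the payload from step 3.

```javascript
// Constructed sample input: the campaign name from step 3 of the report.
const storedCampaignName = '/><svg src=x onload=confirm(document.domain);>';

// Assumed vulnerable pattern: the stored value is concatenated into markup
// unencoded, so the <svg ...> in the name is parsed as a live element.
function renderCampaignUnsafe(name) {
  return '<span class="campaign-name">' + name + '</span>';
}

// Encode the characters that are significant in HTML text and
// quoted-attribute contexts. '&' is in the same single pass, so an
// entity produced for '<' is never re-encoded.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened form: the name is encoded at output time, in every view that
// displays it (the report shows the name stored in one place and
// rendered in another, so encoding only the edit form is not enough).
// In browser code, assigning the name to element.textContent instead of
// building an HTML string achieves the same result.
function renderCampaignSafe(name) {
  return '<span class="campaign-name">' + escapeHtml(name) + '</span>';
}

// Demonstration helper: count opening tags in a string of markup.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

console.log(renderCampaignUnsafe(storedCampaignName)); // span plus injected svg
console.log(renderCampaignSafe(storedCampaignName));   // span only, name shown as text
console.log(renderCampaignSafe('Q3 Outreach & Follow-up')); // benign name still renders
```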