Stored XSS in app.lemlist.com
Low
Vulnerability Details
## Summary:
[add summary of the vulnerability]
## Steps To Reproduce:
- Go to Company > Buddies-to-Be > Custom variables
- Add malicious code: `" onmouseover="confirm(document.domain)" a="`
{F915718}
- Go to Company > Messages > Blank email
- In the WYSIWYG editor select `Custom variables`
- Malicious code executed
{F915719}
## Impact
With this vulnerability, an attacker can, for example, steal users' cookies or redirect users to a malicious website.
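The payload in the steps above closes a double-quoted HTML attribute and opens a new one, which only works if the custom variable's value is written into markup without escaping. The following is an added example, not lemlist's code and not part of the original report: the `<span data-variable="...">` markup and all function names are assumptions made to show the unescaped pattern next to an escaped one.

```javascript
// Added illustration; the markup and function names are hypothetical.

// Constructed sample: the custom-variable value from the report's steps.
const reportedValue = '" onmouseover="confirm(document.domain)" a="';

// Unescaped pattern: the stored value is concatenated into a quoted attribute.
function renderVariableUnsafe(value) {
  return '<span class="variable" data-variable="' + value + '">variable</span>';
}

// Escaped pattern: characters significant in HTML text and attribute
// contexts are replaced with entities before the value reaches markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
function renderVariableSafe(value) {
  return '<span class="variable" data-variable="' + escapeHtml(value) + '">variable</span>';
}

// Minimal scanner over the opening tag: lists the attribute names a parser
// would see, so the effect of the stored value is visible without a browser.
function attributeNames(html) {
  const openTag = html.slice(0, html.indexOf('>') + 1);
  const names = [];
  const re = /\s([^\s=>"']+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(openTag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered tag carries any on* event-handler attribute.
function hasEventHandler(html) {
  return attributeNames(html).some((name) => name.startsWith('on'));
}

console.log(attributeNames(renderVariableUnsafe(reportedValue)));
console.log(attributeNames(renderVariableSafe(reportedValue)));
```

In browser code, setting the value through DOM APIs such as `setAttribute` or `textContent` avoids string-built markup altogether.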
Report Stats
- Report ID: 928816
- State: Closed
- Substate: resolved
- Upvotes: 3