Infogram


42 total issues disclosed

$0 total paid publicly


Most disclosed (12 disclosures) — Cross-site Scripting (XSS) - Stored

Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Bypass for blind SSRF #281950 and #287496 | Server-Side Request Forgery (SSRF) | 7001 | Low | 2020-05-24 |
| LFI through the MySQL connection | Information Disclosure | muon4 | High | 2019-11-12 |
| possibility to create account without username | Violation of Secure Design Principles | the_legend | Medium | 2018-10-09 |
| CORS on (ws.infogram.com) | Improper Access Control - Generic | boxpy | Low | 2018-10-08 |
| Application Vulnerable to CSRF - Remove Invited user | Cross-Site Request Forgery (CSRF) | ramakanthk35 | Medium | 2018-05-08 |
| Email notification is not being sent while changing passwords | Violation of Secure Design Principles | saikiran-10099 | Low | 2018-01-29 |
| No Rate Limit on account deletion request(Leads to huge email flooding/email bombing) | Violation of Secure Design Principles | saikiran-10099 | Low | 2017-12-12 |
| Bruteforcing Coupons | None supplied | t-pwn | No rating | 2017-12-12 |
| Non Critical Code Quality Bug / Self XSS on Map Editor | Cross-site Scripting (XSS) - Stored | mksecurity | Medium | 2017-12-12 |
| No Rate limit on Password Reset Function | Improper Authentication - Generic | akaash_pantherdefence | Medium | 2017-12-12 |
| Javascript Payload reflected Back in Report Embed Code | Cross-site Scripting (XSS) - Stored | zubair | Low | 2017-12-12 |
| New team invitation functionality allows extend team without upgrade | Privilege Escalation | muon4 | Medium | 2017-12-11 |
| Report Design Critical Stored DOM XSS Vulnerability | Cross-site Scripting (XSS) - Stored | mksecurity | Critical | 2017-12-08 |
| Server Side Request Forgery on JSON Feed | Server-Side Request Forgery (SSRF) | mr_r3boot | Medium | 2017-12-06 |
| Stored Cross-Site scripting in the infographics using Data Objects links | Cross-site Scripting (XSS) - Stored | sp1d3rs | Medium | 2017-12-04 |
| Stored Cross-Site scripting in the infographics using links | Cross-site Scripting (XSS) - Stored | sp1d3rs | Medium | 2017-12-04 |
| Persistent XSS in share button | Cross-site Scripting (XSS) - Stored | muon4 | Medium | 2017-11-23 |
| Stored XSS in the Custom Logo link (non-Basic plan required) | Cross-site Scripting (XSS) - Stored | sp1d3rs | Medium | 2017-11-23 |
| Bypass insecure password validation | None supplied | japz | Low | 2017-11-16 |
| Stored XSS On Wordpress Infogram plugin | Cross-site Scripting (XSS) - Stored | jarmouz | Medium | 2017-11-15 |
| A10 – Unvalidated Redirects and Forwards | Open Redirect | romanshyadav | Low | 2017-11-09 |
| Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter) | Server-Side Request Forgery (SSRF) | spicyturtle | Low | 2017-11-08 |
| Stored XSS in content when Graph is created via API | Cross-site Scripting (XSS) - Stored | krankopwnz | Medium | 2017-11-07 |
| Tabnabbing via window.opener | Violation of Secure Design Principles | mr_r3boot | Low | 2017-11-06 |
| Weak Password Policy on Signup | Violation of Secure Design Principles | mr_r3boot | Low | 2017-11-06 |
| SPF Misconfiguration | Violation of Secure Design Principles | mr_r3boot | Low | 2017-11-06 |
| XSS on Report Classic | Cross-site Scripting (XSS) - Stored | nihadrekanym | No rating | 2017-11-03 |
| No Email Verification | Improper Certificate Validation | asad_anwar | Medium | 2017-11-03 |
| Internal Ports Scanning via Blind SSRF | Information Disclosure | tungpun | No rating | 2017-11-03 |
| Multiple xss on infogram templates | Cross-site Scripting (XSS) - Stored | jarmouz | No rating | 2017-11-01 |
| XSS when Shared | Cross-site Scripting (XSS) - Reflected | haystack_needle | Medium | 2017-11-01 |
| XSS on infogram.com | Cross-site Scripting (XSS) - Stored | jarmouz | High | 2017-11-01 |
| Sensitive information is publicly available | Cleartext Storage of Sensitive Information | romanshyadav | Medium | 2017-10-31 |
| Outdated jQuery Version | None supplied | romanshyadav | None | 2017-10-31 |
| HTML injection | None supplied | nihadrekanym | No rating | 2017-10-31 |
| Incorrect Functionality of Password reset links | Violation of Secure Design Principles | saikiran-10099 | Low | 2017-10-30 |
| Password Reset Token Not Expired | Weak Password Recovery Mechanism for Forgotten Password | geekninja | High | 2017-10-30 |
| No Confirmation or Notification During Email Change which can leads to account takeover | None supplied | kiddie | Medium | 2017-10-27 |
| Login Cross Site Request Forgery | Cross-Site Request Forgery (CSRF) | bluedangerforyou | No rating | 2017-10-27 |
| User Enumeration | Information Disclosure | saikiran-10098 | Low | 2017-10-27 |
| User enumeration via forgot password error message | None supplied | kiddie | Medium | 2017-10-27 |
| No notification on Password Change | None supplied | kiddie | Medium | 2017-10-27 |