Infogram Bug Bounty Program Statistics

Infogram Program Statistics

42 total issues disclosed

$0 total paid publicly

Most disclosed (12 disclosures) — Cross-site Scripting (XSS) - Stored

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
Bypass for blind SSRF #281950 and #287496	Server-Side Request Forgery (SSRF)	7001	Low	2020-05-24
LFI through the MySQL connection	Information Disclosure	muon4	High	2019-11-12
possibility to create account without username	Violation of Secure Design Principles	the_legend	Medium	2018-10-09
CORS on (ws.infogram.com)	Improper Access Control - Generic	boxpy	Low	2018-10-08
Application Vulnerable to CSRF - Remove Invited user	Cross-Site Request Forgery (CSRF)	ramakanthk35	Medium	2018-05-08
Email notification is not being sent while changing passwords	Violation of Secure Design Principles	saikiran-10099	Low	2018-01-29
No Rate Limit on account deletion request(Leads to huge email flooding/email bombing)	Violation of Secure Design Principles	saikiran-10099	Low	2017-12-12
Bruteforcing Coupons	None supplied	t-pwn	No rating	2017-12-12
Non Critical Code Quality Bug / Self XSS on Map Editor	Cross-site Scripting (XSS) - Stored	mksecurity	Medium	2017-12-12
No Rate limit on Password Reset Function	Improper Authentication - Generic	akaash_pantherdefence	Medium	2017-12-12
Javascript Payload reflected Back in Report Embed Code	Cross-site Scripting (XSS) - Stored	zubair	Low	2017-12-12
New team invitation functionality allows extend team without upgrade	Privilege Escalation	muon4	Medium	2017-12-11
Report Design Critical Stored DOM XSS Vulnerability	Cross-site Scripting (XSS) - Stored	mksecurity	Critical	2017-12-08
Server Side Request Forgery on JSON Feed	Server-Side Request Forgery (SSRF)	mr_r3boot	Medium	2017-12-06
Stored Cross-Site scripting in the infographics using Data Objects links	Cross-site Scripting (XSS) - Stored	sp1d3rs	Medium	2017-12-04
Stored Cross-Site scripting in the infographics using links	Cross-site Scripting (XSS) - Stored	sp1d3rs	Medium	2017-12-04
Persistent XSS in share button	Cross-site Scripting (XSS) - Stored	muon4	Medium	2017-11-23
Stored XSS in the Custom Logo link (non-Basic plan required)	Cross-site Scripting (XSS) - Stored	sp1d3rs	Medium	2017-11-23
Bypass insecure password validation	None supplied	japz	Low	2017-11-16
Stored XSS On Wordpress Infogram plugin	Cross-site Scripting (XSS) - Stored	jarmouz	Medium	2017-11-15
A10 – Unvalidated Redirects and Forwards	Open Redirect	romanshyadav	Low	2017-11-09
Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter)	Server-Side Request Forgery (SSRF)	spicyturtle	Low	2017-11-08
Stored XSS in content when Graph is created via API	Cross-site Scripting (XSS) - Stored	krankopwnz	Medium	2017-11-07
Tabnabbing via window.opener	Violation of Secure Design Principles	mr_r3boot	Low	2017-11-06
Weak Password Policy on Signup	Violation of Secure Design Principles	mr_r3boot	Low	2017-11-06
SPF Misconfiguration	Violation of Secure Design Principles	mr_r3boot	Low	2017-11-06
XSS on Report Classic	Cross-site Scripting (XSS) - Stored	nihadrekanym	No rating	2017-11-03
No Email Verification	Improper Certificate Validation	asad_anwar	Medium	2017-11-03
Internal Ports Scanning via Blind SSRF	Information Disclosure	tungpun	No rating	2017-11-03
Multiple xss on infogram templates	Cross-site Scripting (XSS) - Stored	jarmouz	No rating	2017-11-01
XSS when Shared	Cross-site Scripting (XSS) - Reflected	haystack_needle	Medium	2017-11-01
XSS on infogram.com	Cross-site Scripting (XSS) - Stored	jarmouz	High	2017-11-01
Sensitive information is publicly available	Cleartext Storage of Sensitive Information	romanshyadav	Medium	2017-10-31
Outdated jQuery Version	None supplied	romanshyadav	None	2017-10-31
HTML injection	None supplied	nihadrekanym	No rating	2017-10-31
Incorrect Functionality of Password reset links	Violation of Secure Design Principles	saikiran-10099	Low	2017-10-30
Password Reset Token Not Expired	Weak Password Recovery Mechanism for Forgotten Password	geekninja	High	2017-10-30
No Confirmation or Notification During Email Change which can leads to account takeover	None supplied	kiddie	Medium	2017-10-27
Login Cross Site Request Forgery	Cross-Site Request Forgery (CSRF)	bluedangerforyou	No rating	2017-10-27
User Enumeration	Information Disclosure	saikiran-10098	Low	2017-10-27
User enumeration via forgot password error message	None supplied	kiddie	Medium	2017-10-27
No notification on Password Change	None supplied	kiddie	Medium	2017-10-27

BugBountyHunter

Infogram Program Statistics

Disclosed Reports