Infogram Program Statistics
42 total issues disclosed
$0 total paid publicly
Most disclosed (12 disclosures) — Cross-site Scripting (XSS) - Stored
Disclosed Reports
Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
---|---|---|---|---|
Bypass for blind SSRF #281950 and #287496 | Server-Side Request Forgery (SSRF) | 7001 | Low | 2020-05-24 |
LFI through the MySQL connection | Information Disclosure | muon4 | High | 2019-11-12 |
possibility to create account without username | Violation of Secure Design Principles | the_legend | Medium | 2018-10-09 |
CORS on (ws.infogram.com) | Improper Access Control - Generic | boxpy | Low | 2018-10-08 |
Application Vulnerable to CSRF - Remove Invited user | Cross-Site Request Forgery (CSRF) | ramakanthk35 | Medium | 2018-05-08 |
Email notification is not being sent while changing passwords | Violation of Secure Design Principles | saikiran-10099 | Low | 2018-01-29 |
No Rate Limit on account deletion request(Leads to huge email flooding/email bombing) | Violation of Secure Design Principles | saikiran-10099 | Low | 2017-12-12 |
Bruteforcing Coupons | None supplied | t-pwn | No rating | 2017-12-12 |
Non Critical Code Quality Bug / Self XSS on Map Editor | Cross-site Scripting (XSS) - Stored | mksecurity | Medium | 2017-12-12 |
No Rate limit on Password Reset Function | Improper Authentication - Generic | akaash_pantherdefence | Medium | 2017-12-12 |
Javascript Payload reflected Back in Report Embed Code | Cross-site Scripting (XSS) - Stored | zubair | Low | 2017-12-12 |
New team invitation functionality allows extend team without upgrade | Privilege Escalation | muon4 | Medium | 2017-12-11 |
Report Design Critical Stored DOM XSS Vulnerability | Cross-site Scripting (XSS) - Stored | mksecurity | Critical | 2017-12-08 |
Server Side Request Forgery on JSON Feed | Server-Side Request Forgery (SSRF) | mr_r3boot | Medium | 2017-12-06 |
Stored Cross-Site scripting in the infographics using Data Objects links | Cross-site Scripting (XSS) - Stored | sp1d3rs | Medium | 2017-12-04 |
Stored Cross-Site scripting in the infographics using links | Cross-site Scripting (XSS) - Stored | sp1d3rs | Medium | 2017-12-04 |
Persistent XSS in share button | Cross-site Scripting (XSS) - Stored | muon4 | Medium | 2017-11-23 |
Stored XSS in the Custom Logo link (non-Basic plan required) | Cross-site Scripting (XSS) - Stored | sp1d3rs | Medium | 2017-11-23 |
Bypass insecure password validation | None supplied | japz | Low | 2017-11-16 |
Stored XSS On Wordpress Infogram plugin | Cross-site Scripting (XSS) - Stored | jarmouz | Medium | 2017-11-15 |
A10 – Unvalidated Redirects and Forwards | Open Redirect | romanshyadav | Low | 2017-11-09 |
Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter) | Server-Side Request Forgery (SSRF) | spicyturtle | Low | 2017-11-08 |
Stored XSS in content when Graph is created via API | Cross-site Scripting (XSS) - Stored | krankopwnz | Medium | 2017-11-07 |
Tabnabbing via window.opener | Violation of Secure Design Principles | mr_r3boot | Low | 2017-11-06 |
Weak Password Policy on Signup | Violation of Secure Design Principles | mr_r3boot | Low | 2017-11-06 |
SPF Misconfiguration | Violation of Secure Design Principles | mr_r3boot | Low | 2017-11-06 |
XSS on Report Classic | Cross-site Scripting (XSS) - Stored | nihadrekanym | No rating | 2017-11-03 |
No Email Verification | Improper Certificate Validation | asad_anwar | Medium | 2017-11-03 |
Internal Ports Scanning via Blind SSRF | Information Disclosure | tungpun | No rating | 2017-11-03 |
Multiple xss on infogram templates | Cross-site Scripting (XSS) - Stored | jarmouz | No rating | 2017-11-01 |
XSS when Shared | Cross-site Scripting (XSS) - Reflected | haystack_needle | Medium | 2017-11-01 |
XSS on infogram.com | Cross-site Scripting (XSS) - Stored | jarmouz | High | 2017-11-01 |
Sensitive information is publicly available | Cleartext Storage of Sensitive Information | romanshyadav | Medium | 2017-10-31 |
Outdated jQuery Version | None supplied | romanshyadav | None | 2017-10-31 |
HTML injection | None supplied | nihadrekanym | No rating | 2017-10-31 |
Incorrect Functionality of Password reset links | Violation of Secure Design Principles | saikiran-10099 | Low | 2017-10-30 |
Password Reset Token Not Expired | Weak Password Recovery Mechanism for Forgotten Password | geekninja | High | 2017-10-30 |
No Confirmation or Notification During Email Change which can leads to account takeover | None supplied | kiddie | Medium | 2017-10-27 |
Login Cross Site Request Forgery | Cross-Site Request Forgery (CSRF) | bluedangerforyou | No rating | 2017-10-27 |
User Enumeration | Information Disclosure | saikiran-10098 | Low | 2017-10-27 |
User enumeration via forgot password error message | None supplied | kiddie | Medium | 2017-10-27 |
No notification on Password Change | None supplied | kiddie | Medium | 2017-10-27 |