Lemlist Program Statistics


14 total issues disclosed

$0 total paid publicly

Most disclosed (4 disclosures) — Cross-site Scripting (XSS) - Stored



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Authentication Bypass in Subscription Management Endpoint | Insecure Direct Object Reference (IDOR) | 0hmz | Critical | 2025-11-17 |
| Authentication Token Theft via Open Redirect in Callback URL Parameter | Insufficiently Protected Credentials | sle3pyhead | Critical | 2025-11-14 |
| Unauthorized Password Reset Allows Account Takeover Across Tenant Boundaries | None supplied | mcdave | High | 2025-11-07 |
| Clickjacking at app.lemlist.com | UI Redressing (Clickjacking) | scriptsavvy | High | 2022-05-20 |
| [app.lemlist.com] Improper handling of payment lead to bypass payment | Business Logic Errors | omarelfarsaoui | High | 2022-05-17 |
| Security misconfiguration | Misconfiguration | mr23r0 | High | 2022-05-16 |
| Stored XSS at [ https://app.lemlist.com/campaigns/cam_QRS5caF2ca7MJtiLS/leads ] in " LINKEDIN URL" Field. | Cross-site Scripting (XSS) - Stored | try__for_impossible | Low | 2020-07-24 |
| CVE-2019-19935 - DOM based XSS in the froala editor | Cross-site Scripting (XSS) - DOM | chackal | Low | 2020-07-24 |
| Stored XSS in app.lemlist.com | Cross-site Scripting (XSS) - Stored | solov9ev | Low | 2020-07-23 |
| app.lemlist.com : Admin Panel Access | Improper Access Control - Generic | omarelfarsaoui | None | 2020-07-23 |
| stored xss via Campaign Name. | Cross-site Scripting (XSS) - Stored | omarelfarsaoui | Medium | 2020-07-21 |
| stored xss in app.lemlist.com | Cross-site Scripting (XSS) - Stored | omarelfarsaoui | Medium | 2020-07-21 |
| SSRF in img.lemlist.com that leads to Localhost Port Scanning | Server-Side Request Forgery (SSRF) | arsene_lupin | Medium | 2020-05-28 |
| Unrestricted File Upload on https://app.lemlist.com | Unrestricted Upload of File with Dangerous Type | ctulhu | Critical | 2020-04-01 |