Stripo Inc


27 total issues disclosed

$0 total paid publicly


Most disclosed (5 disclosures) — Server-Side Request Forgery (SSRF)

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Bypassing Content-Security-Policy leads to open-redirect and iframe xss Open Redirect echidonut Medium 2021-07-30
No rate limiting for subscribe email + lead to Cross origin misconfiguration Business Logic Errors kittytrace Medium 2020-11-30
Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') bminossi Medium 2020-11-09
weak password poilicy in signup password leak to account takeover Violation of Secure Design Principles assafkiller None 2020-10-16
SSL cookie without secure flag set None supplied classifled Medium 2020-10-13
Public and secret api key leaked in JavaScript source Cleartext Storage of Sensitive Information 0x4_aulia Medium 2020-09-29
No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address Cross-Site Request Forgery (CSRF) binit Medium 2020-09-08
Cross-Site WebSocket Hijacking Lead to Steal XSRF-TOKEN Improper Access Control - Generic 3x3s High 2020-07-27
Integer Overflow (CVE_2017_7529) Integer Overflow whitehatmat Medium 2020-07-13
SSRF via Export Service in ActiveCampaign Server-Side Request Forgery (SSRF) dotsecurity High 2020-07-13
[www.stripo.email] There is no rate limit for /it/contact-us/ endpoints Improper Authentication - Generic what_web Low 2020-07-03
multiple email usage -my.stripo.email- Improper Access Control - Generic mraldersonn Medium 2020-07-03
SSRF in my.stripo.email Server-Side Request Forgery (SSRF) x25s High 2020-06-30
[www.stripo.email] You can bypass the speed limit by changing the IP. Information Exposure Through Debug Information what_web Medium 2020-06-30
[www.stripo.email] There is no rate limit for contact-us endpoints Improper Authorization what_web Low 2020-05-26
[www.stripo.email] You can override the speed limit by adding the X-Forwarded-For header. Improper Authorization what_web Medium 2020-04-23
SSRF in Export template to ActiveCampaign Server-Side Request Forgery (SSRF) c1kada Medium 2020-04-10
XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique Cross-Site Request Forgery (CSRF) pain45 Medium 2020-03-25
Strored Xss on https://my.stripo.email/ ( multiple inputs) Cross-site Scripting (XSS) - Stored pain45 Medium 2020-03-25
Blind SSRF while Creating Templates Server-Side Request Forgery (SSRF) dotsecurity High 2020-03-24
Email verification bypasa Incorrect Authorization d3ltaf0rc3 High 2020-03-24
SSRF & unrestricted file upload on https://my.stripo.email/ Server-Side Request Forgery (SSRF) pain45 Critical 2020-02-19
Open memory dump method leaking customer information ,secret keys , password , source code & admin accounts Exposed Dangerous Method or Function homains Critical 2020-01-31
stripo.email reflected xss Cross-site Scripting (XSS) - Reflected trazer Medium 2019-12-26
subdomain takeover at status0.stripo.email Privilege Escalation haxorpunk Medium 2019-12-23
No length on password None supplied prateek_thakare Medium 2019-12-23
Able to change password by entering wrong old password Cryptographic Issues - Generic rutik346 No rating 2019-12-18