Stripo Inc Program Statistics

27 total issues disclosed

$0 total paid publicly

Most disclosed (5 disclosures) — Server-Side Request Forgery (SSRF)

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Bypassing Content-Security-Policy leads to open-redirect and iframe xss | Open Redirect | echidonut | Medium | 2021-07-30 |
| No rate limiting for subscribe email + lead to Cross origin misconfiguration | Business Logic Errors | kittytrace | Medium | 2020-11-30 |
| Race condition on at /cabinet/stripeapi/v1/projects/298427/emails/folders uri | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | bminossi | Medium | 2020-11-09 |
| weak password poilicy in signup password leak to account takeover | Violation of Secure Design Principles | assafkiller | None | 2020-10-16 |
| SSL cookie without secure flag set | None supplied | classifled | Medium | 2020-10-13 |
| Public and secret api key leaked in JavaScript source | Cleartext Storage of Sensitive Information | 0x4_aulia | Medium | 2020-09-29 |
| No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address | Cross-Site Request Forgery (CSRF) | binit | Medium | 2020-09-08 |
| Cross-Site WebSocket Hijacking Lead to Steal XSRF-TOKEN | Improper Access Control - Generic | 3x3s | High | 2020-07-27 |
| Integer Overflow (CVE_2017_7529) | Integer Overflow | whitehatmat | Medium | 2020-07-13 |
| SSRF via Export Service in ActiveCampaign | Server-Side Request Forgery (SSRF) | dotsecurity | High | 2020-07-13 |
| [] There is no rate limit for /it/contact-us/ endpoints | Improper Authentication - Generic | what_web | Low | 2020-07-03 |
| multiple email usage | Improper Access Control - Generic | mraldersonn | Medium | 2020-07-03 |
| SSRF in | Server-Side Request Forgery (SSRF) | x25s | High | 2020-06-30 |
| [] You can bypass the speed limit by changing the IP. | Information Exposure Through Debug Information | what_web | Medium | 2020-06-30 |
| [] There is no rate limit for contact-us endpoints | Improper Authorization | what_web | Low | 2020-05-26 |
| [] You can override the speed limit by adding the X-Forwarded-For header. | Improper Authorization | what_web | Medium | 2020-04-23 |
| SSRF in Export template to ActiveCampaign | Server-Side Request Forgery (SSRF) | c1kada | Medium | 2020-04-10 |
| XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique | Cross-Site Request Forgery (CSRF) | pain45 | Medium | 2020-03-25 |
| Strored Xss on ( multiple inputs) | Cross-site Scripting (XSS) - Stored | pain45 | Medium | 2020-03-25 |
| Blind SSRF while Creating Templates | Server-Side Request Forgery (SSRF) | dotsecurity | High | 2020-03-24 |
| Email verification bypasa | Incorrect Authorization | d3ltaf0rc3 | High | 2020-03-24 |
| SSRF & unrestricted file upload on | Server-Side Request Forgery (SSRF) | pain45 | Critical | 2020-02-19 |
| Open memory dump method leaking customer information ,secret keys , password , source code & admin accounts | Exposed Dangerous Method or Function | homains | Critical | 2020-01-31 |
| reflected xss | Cross-site Scripting (XSS) - Reflected | trazer | Medium | 2019-12-26 |
| subdomain takeover at | Privilege Escalation | haxorpunk | Medium | 2019-12-23 |
| No length on password | None supplied | prateek_thakare | Medium | 2019-12-23 |
| Able to change password by entering wrong old password | Cryptographic Issues - Generic | rutik346 | No rating | 2019-12-18 |