Stripo Inc Program Statistics



39 total issues disclosed

$0 total paid publicly

Most disclosed (7 disclosures) — Server-Side Request Forgery (SSRF)



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| [Critical] Unauthorized Cross-Tenant Data Access in Stripo AI Hub Campaign via Deleted Project. | Improper Access Control - Generic | srcode | Critical | 2026-01-20 |
| [my.stripo.email] Blind SSRF Vulnerability in Stripo App Export via Missing Endpoints Export Email Message to Zapier | Server-Side Request Forgery (SSRF) | odaysec | Critical | 2025-12-01 |
| [SSRF] my.stripo.email via the setup-wizard parameter | Server-Side Request Forgery (SSRF) | deb0con | Critical | 2024-02-15 |
| [demo.stripo.email] HTTP request Smuggling | HTTP Request Smuggling | deb0con | Medium | 2024-02-15 |
| Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo | Cleartext Transmission of Sensitive Information | sankalpa_1337 | Medium | 2024-02-15 |
| Non-revoked API Key Information disclosure via Stripo_report() | Cleartext Storage of Sensitive Information | deb0con | Medium | 2022-08-25 |
| Upload Profile Photo in any folder you want with any extension you want | Privilege Escalation | whoisbinit | Critical | 2022-03-30 |
| Insecure Storage and Overly Permissive API Keys | Missing Encryption of Sensitive Data | dc61703fdbcd3f8331d3dc24078c01 | Medium | 2022-03-30 |
| Ability to use premium templates as free user via https://stripo.email/templates/?utm_source=viewstripo&utm_medium=referral | Business Logic Errors | 20kilograma | High | 2022-03-30 |
| Bypassing Content-Security-Policy leads to open-redirect and iframe xss | Open Redirect | echidonut | Medium | 2021-07-30 |
| Stored XSS at Module Name | Cross-site Scripting (XSS) - Stored | 20kilograma | Medium | 2021-04-12 |
| Stored XSS in the banner block description | Cross-site Scripting (XSS) - Stored | solov9ev | Medium | 2021-03-09 |
| Memory Dump and Env Disclosure via Spring Boot Actuator | Misconfiguration | 0xwise | Medium | 2021-03-02 |
| No rate limiting for subscribe email + lead to Cross origin misconfiguration | Business Logic Errors | kittytrace | Medium | 2020-11-30 |
| Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | bminossi | Medium | 2020-11-09 |
| weak password poilicy in signup password leak to account takeover | Violation of Secure Design Principles | assafkiller | None | 2020-10-16 |
| SSL cookie without secure flag set | None supplied | classifled | Medium | 2020-10-13 |
| Public and secret api key leaked in JavaScript source | Cleartext Storage of Sensitive Information | 0x4_aulia | Medium | 2020-09-29 |
| No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address | Cross-Site Request Forgery (CSRF) | binit | Medium | 2020-09-08 |
| Cross-Site WebSocket Hijacking Lead to Steal XSRF-TOKEN | Improper Access Control - Generic | 3x3s | High | 2020-07-27 |
| Integer Overflow (CVE_2017_7529) | Integer Overflow | whitehatmat | Medium | 2020-07-13 |
| SSRF via Export Service in ActiveCampaign | Server-Side Request Forgery (SSRF) | dotsecurity | High | 2020-07-13 |
| [www.stripo.email] There is no rate limit for /it/contact-us/ endpoints | Improper Authentication - Generic | what_web | Low | 2020-07-03 |
| multiple email usage -my.stripo.email- | Improper Access Control - Generic | mraldersonn | Medium | 2020-07-03 |
| SSRF in my.stripo.email | Server-Side Request Forgery (SSRF) | x25s | High | 2020-06-30 |
| [www.stripo.email] You can bypass the speed limit by changing the IP. | Information Exposure Through Debug Information | what_web | Medium | 2020-06-30 |
| [www.stripo.email] There is no rate limit for contact-us endpoints | Improper Authorization | what_web | Low | 2020-05-26 |
| [www.stripo.email] You can override the speed limit by adding the X-Forwarded-For header. | Improper Authorization | what_web | Medium | 2020-04-23 |
| SSRF in Export template to ActiveCampaign | Server-Side Request Forgery (SSRF) | c1kada | Medium | 2020-04-10 |
| XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique | Cross-Site Request Forgery (CSRF) | pain45 | Medium | 2020-03-25 |
| Strored Xss on https://my.stripo.email/ ( multiple inputs) | Cross-site Scripting (XSS) - Stored | pain45 | Medium | 2020-03-25 |
| Blind SSRF while Creating Templates | Server-Side Request Forgery (SSRF) | dotsecurity | High | 2020-03-24 |
| Email verification bypasa | Incorrect Authorization | d3ltaf0rc3 | High | 2020-03-24 |
| SSRF & unrestricted file upload on https://my.stripo.email/ | Server-Side Request Forgery (SSRF) | pain45 | Critical | 2020-02-19 |
| Open memory dump method leaking customer information ,secret keys , password , source code & admin accounts | Exposed Dangerous Method or Function | homains | Critical | 2020-01-31 |
| stripo.email reflected xss | Cross-site Scripting (XSS) - Reflected | trazer | Medium | 2019-12-26 |
| subdomain takeover at status0.stripo.email | Privilege Escalation | haxorpunk | Medium | 2019-12-23 |
| No length on password | None supplied | prateek_thakare | Medium | 2019-12-23 |
| Able to change password by entering wrong old password | Cryptographic Issues - Generic | rutik346 | No rating | 2019-12-18 |