Reports in infogram program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | User enumeration via forgot password error message | $0.0 |
| 2 | User Enumeration | $0.0 |
| 3 | Login Cross Site Request Forgery | $0.0 |
| 4 | No Confirmation or Notification During Email Change which can leads to account takeover | $0.0 |
| 5 | No notification on Password Change | $0.0 |
| 6 | Password Reset Token Not Expired | $0.0 |
| 7 | Incorrect Functionality of Password reset links | $0.0 |
| 8 | HTML injection | $0.0 |
| 9 | Outdated jQuery Version | $0.0 |
| 10 | Sensitive information is publicly available | $0.0 |
| 11 | XSS when Shared | $0.0 |
| 12 | Multiple xss on infogram templates | $0.0 |
| 13 | XSS on infogram.com | $0.0 |
| 14 | Internal Ports Scanning via Blind SSRF | $0.0 |
| 15 | No Email Verification | $0.0 |
| 16 | XSS on Report Classic | $0.0 |
| 17 | SPF Misconfiguration | $0.0 |
| 18 | Weak Password Policy on Signup | $0.0 |
| 19 | Tabnabbing via window.opener | $0.0 |
| 20 | Stored XSS in content when Graph is created via API | $0.0 |
| 21 | Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter) | $0.0 |
| 22 | A10 – Unvalidated Redirects and Forwards | $0.0 |
| 23 | Stored XSS On Wordpress Infogram plugin | $0.0 |
| 24 | Bypass insecure password validation | $0.0 |
| 25 | Stored XSS in the Custom Logo link (non-Basic plan required) | $0.0 |
| 26 | Persistent XSS in share button | $0.0 |
| 27 | Stored Cross-Site scripting in the infographics using links | $0.0 |
| 28 | Stored Cross-Site scripting in the infographics using Data Objects links | $0.0 |
| 29 | Server Side Request Forgery on JSON Feed | $0.0 |
| 30 | Report Design Critical Stored DOM XSS Vulnerability | $0.0 |
| 31 | New team invitation functionality allows extend team without upgrade | $0.0 |
| 32 | Javascript Payload reflected Back in Report Embed Code | $0.0 |
| 33 | No Rate limit on Password Reset Function | $0.0 |
| 34 | Non Critical Code Quality Bug / Self XSS on Map Editor | $0.0 |
| 35 | Bruteforcing Coupons | $0.0 |
| 36 | No Rate Limit on account deletion request(Leads to huge email flooding/email bombing) | $0.0 |
| 37 | Email notification is not being sent while changing passwords | $0.0 |
| 38 | Application Vulnerable to CSRF - Remove Invited user | $0.0 |
| 39 | CORS on (ws.infogram.com) | $0.0 |
| 40 | possibility to create account without username | $0.0 |
| 41 | Is the 504 Gateway Time-out error ok? | $0.0 |
| 42 | User account blocking by Internal Server error | $0.0 |
| 43 | Privilege escalation allows to use iframe functionality w/o upgrade | $0.0 |
| 44 | Stored XSS in infogram.com via language | $0.0 |
| 45 | LFI through the MySQL connection | $0.0 |
| 46 | Bypass to report #280389 [Thinking The issue is not fixed Yet] | $0.0 |
| 47 | Bypass for blind SSRF #281950 and #287496 | $0.0 |
| 48 | Memory Corruption via Large Pixels | $0.0 |