Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
BugBountyHunter Membership
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles Lemlist Program Statistics
8 total issues disclosed
$0 total paid publicly
Most disclosed (4 disclosures) — Cross-site Scripting (XSS) - Stored
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Stored XSS at [ https://app.lemlist.com/campaigns/cam_QRS5caF2ca7MJtiLS/leads ] in " LINKEDIN URL" Field. | Cross-site Scripting (XSS) - Stored | try__for_impossible | Low | 2020-07-24 |
| CVE-2019-19935 - DOM based XSS in the froala editor | Cross-site Scripting (XSS) - DOM | chackal | Low | 2020-07-24 |
| Stored XSS in app.lemlist.com | Cross-site Scripting (XSS) - Stored | solov9ev | Low | 2020-07-23 |
| app.lemlist.com : Admin Panel Access | Improper Access Control - Generic | omarelfarsaoui | None | 2020-07-23 |
| stored xss via Campaign Name. | Cross-site Scripting (XSS) - Stored | omarelfarsaoui | Medium | 2020-07-21 |
| stored xss in app.lemlist.com | Cross-site Scripting (XSS) - Stored | omarelfarsaoui | Medium | 2020-07-21 |
| SSRF in img.lemlist.com that leads to Localhost Port Scanning | Server-Side Request Forgery (SSRF) | arsene_lupin | Medium | 2020-05-28 |
| Unrestricted File Upload on https://app.lemlist.com | Unrestricted Upload of File with Dangerous Type | ctulhu | Critical | 2020-04-01 |