email-xss

1 article
sort: new top best
clear filter
bug-bounty497 google347 xss301 microsoft290 facebook261 rce211 exploit198 malware168 apple161 cve135 account-takeover115 bragging-post102 privilege-escalation96 csrf90 phishing86 browser75 writeup74 authentication-bypass69 supply-chain67 dos66 stored-xss65 reflected-xss57 ssrf56 reverse-engineering54 access-control52 react52 input-validation49 cross-site-scripting48 cloudflare47 aws47 docker46 web-security46 lfi46 smart-contract45 sql-injection45 web-application44 ethereum44 ctf43 web343 defi43 oauth43 node41 race-condition39 pentest39 open-source39 idor37 cloud37 info-disclosure36 burp-suite36 auth-bypass35
0 3/10
XSS at hubspot and in email areas
bug-bounty

A researcher demonstrates multiple XSS vulnerabilities in HubSpot and email-based systems: SVG file upload XSS via unfiltered image uploads, filename-based XSS payloads, and email field XSS in live chat modules that execute on admin side. The HubSpot report received points only, while a private freelancing site paid $450.

xss svg-xss file-upload email-xss chat-module payload-bypass stored-xss bragging-post
HubSpot Kali Linux KNOXSS Bugcrowd
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 23 hours ago · details