Appsuite


reports in last 90 days

16 disclosed resolved issues

0 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Severity | Bug Title | Bug Type | Found By | Report Info | Report Status

Low | IDOR to view other user folder name | Insecure Direct Object Reference (IDOR) | ranjit_p | Time to triage: 0 Days and 15 hours; Time to close: 0 Days and 6 hours | Resolved

Medium | IDOR allow to extract all registered email | Insecure Direct Object Reference (IDOR) | ranjit_p | Time to triage: 0 Days and 14 hours; Time to close: 32 Days and 23 hours | Resolved

High | Stored XSS in Email attachment file name | Cross-site Scripting (XSS) - Stored | s1ck-sec | Time to triage: 0 Days and 17 hours; Time to close: 0 Days and 2 hours | Resolved

Medium | store xss in calendar via upload filename | Cross-site Scripting (XSS) - Stored | chihuahua | Time to triage: 3 Days and 15 hours; Time to close: 0 Days and 0 hours | Resolved

Medium | IDOR - setAttribute action of user object in API | Insecure Direct Object Reference (IDOR) | logan5 | Time to triage: 6 Days and 18 hours; Time to close: 0 Days and 19 hours | Resolved

Medium | Stored XSS in mail app | Cross-site Scripting (XSS) - Stored | zee_shan | Time to triage: 0 Days and 1 hours; Time to close: 0 Days and 2 hours | Resolved

Medium | Another Stored XSS in mail app using Drive app | Cross-site Scripting (XSS) - Stored | zee_shan | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 21 hours | Resolved

Low | [XSS] RSS Feed Widget | Cross-site Scripting (XSS) - Stored | secator | Time to triage: 0 Days and 7 hours; Time to close: 8 Days and 5 hours | Resolved

Medium | Stored XSS | Cross-site Scripting (XSS) - Stored | tbehroz | Time to triage: 0 Days and 22 hours; Time to close: 5 Days and 4 hours | Resolved

Medium | Another window.opener issue | Open Redirect | zee_shan | Time to triage: 0 Days and 22 hours; Time to close: 0 Days and 23 hours | Resolved

Medium | SSRF in /appsuite/api/autoconfig | Server-Side Request Forgery (SSRF) | logan5 | Time to triage: 0 Days and 10 hours; Time to close: 1 Days and 3 hours | Resolved

Medium | SSRF - RSS feed, blacklist bypass (IP Formatting) | Server-Side Request Forgery (SSRF) | logan5 | Time to triage: 0 Days and 14 hours; Time to close: 0 Days and 1 hours | Resolved

Medium | SSRF - RSS feed, blacklist bypass (301 re-direct) | Server-Side Request Forgery (SSRF) | logan5 | Time to triage: 15 Days and 13 hours; Time to close: 1 Days and 2 hours | Resolved

Medium | SSRF - Blacklist bypass for mail account addition | Server-Side Request Forgery (SSRF) | logan5 | Time to triage: 1 Days and 10 hours; Time to close: 7 Days and 2 hours | Resolved

Medium | SSRF in VCARD photo upload functionality | Server-Side Request Forgery (SSRF) | logan5 | Time to triage: 3 Days and 17 hours; Time to close: 2 Days and 19 hours | Resolved

High | OX (Guard): Stored Cross-Site Scripting via Incoming Email | Cross-site Scripting (XSS) - Generic | dejavuln | Time to triage: 0 Days and 0 hours; Time to close: 8 Days and 17 hours | Resolved