Infogram


reports in last 90 days

39

disclosed resolved issues

2

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| High | Stored XSS in infogram.com via language | Cross-site Scripting (XSS) - Stored | theappsec | Time to triage: 0 Days and 12 hours; Time to close: 0 Days and 3 hours | Resolved |
| Low | CORS on (ws.infogram.com) | Improper Access Control - Generic | failure-0x | Time to triage: 0 Days and 14 hours; Time to close: 12 Days and 3 hours | Resolved |
| No rating | Privilege escalation allows to use iframe functionality w/o upgrade | Privilege Escalation | muon4 | Time to triage: 0 Days and 16 hours; Time to close: 1 Days and 2 hours | Resolved |
| Low | Is the 504 Gateway Time-out error ok? | Denial of Service | marataziat | Time to triage: 0 Days and 21 hours; Time to close: 0 Days and 23 hours | Resolved |
| High | User account blocking by Internal Server error | None supplied | marataziat | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 1 hours | Resolved |
| Low | CORS on (ws.infogram.com) | Improper Access Control - Generic | boxpy | Time to triage: 0 Days and 14 hours; Time to close: 12 Days and 3 hours | Resolved |
| Medium | possibility to create account without username | Violation of Secure Design Principles | the_legend | Time to triage: 0 Days and 1 hours; Time to close: 0 Days and 1 hours | Resolved |
| Medium | Application Vulnerable to CSRF - Remove Invited user | Cross-Site Request Forgery (CSRF) | ramakanthk35 | Time to triage: 6 Days and 23 hours; Time to close: 34 Days and 23 hours | Resolved |
| Low | Email notification is not being sent while changing passwords | Violation of Secure Design Principles | saikiran-10099 | Time to triage: 3 Days and 18 hours; Time to close: 98 Days and 5 hours | Resolved |
| Low | Javascript Payload reflected Back in Report Embed Code | Cross-site Scripting (XSS) - Stored | zubair | Time to triage: 1 Days and 3 hours; Time to close: 42 Days and 3 hours | Resolved |
| Medium | No Rate limit on Password Reset Function | Improper Authentication - Generic | akaash_pantherdefence | Time to triage: 1 Days and 1 hours; Time to close: 53 Days and 2 hours | Resolved |
| Medium | Non Critical Code Quality Bug / Self XSS on Map Editor | Cross-site Scripting (XSS) - Stored | mksecurity | Time to triage: 3 Days and 1 hours; Time to close: 50 Days and 5 hours | Resolved |
| No rating | Bruteforcing Coupons | None supplied | t-pwn | Time to triage: 25 Days and 0 hours; Time to close: 7 Days and 22 hours | Resolved |
| Low | No Rate Limit on account deletion request(Leads to huge email flooding/email bombing) | Violation of Secure Design Principles | saikiran-10099 | Time to triage: 0 Days and 22 hours; Time to close: 53 Days and 2 hours | Resolved |
| Medium | Stored Cross-Site scripting in the infographics using links | Cross-site Scripting (XSS) - Stored | sp1d3rs | Time to triage: 3 Days and 18 hours; Time to close: 31 Days and 6 hours | Resolved |
| Medium | Stored Cross-Site scripting in the infographics using Data Objects links | Cross-site Scripting (XSS) - Stored | sp1d3rs | Time to triage: 3 Days and 18 hours; Time to close: 29 Days and 4 hours | Resolved |
| Medium | Server Side Request Forgery on JSON Feed | Server-Side Request Forgery (SSRF) | mr_r3boot | Time to triage: 3 Days and 17 hours; Time to close: 44 Days and 1 hours | Resolved |
| Critical | Report Design Critical Stored DOM XSS Vulnerability | Cross-site Scripting (XSS) - Stored | mksecurity | Time to triage: 0 Days and 0 hours; Time to close: 4 Days and 17 hours | Resolved |
| Medium | New team invitation functionality allows extend team without upgrade | Privilege Escalation | muon4 | Time to triage: 0 Days and 0 hours; Time to close: 4 Days and 3 hours | Resolved |
| Medium | Stored XSS in the Custom Logo link (non-Basic plan required) | Cross-site Scripting (XSS) - Stored | sp1d3rs | Time to triage: 1 Days and 23 hours; Time to close: 27 Days and 20 hours | Resolved |
| Medium | Persistent XSS in share button | Cross-site Scripting (XSS) - Stored | muon4 | Time to triage: 6 Days and 5 hours; Time to close: 1 Days and 1 hours | Resolved |
| Medium | Stored XSS On Wordpress Infogram plugin | Cross-site Scripting (XSS) - Stored | jarmouz | Time to triage: 2 Days and 23 hours; Time to close: 5 Days and 0 hours | Resolved |
| Low | Bypass insecure password validation | None supplied | japz | Time to triage: 2 Days and 18 hours; Time to close: 6 Days and 2 hours | Resolved |
| Low | A10 – Unvalidated Redirects and Forwards | Open Redirect | romanshyadav | Issue was not triaged; Time to close: 13 Days and 19 hours | Informative |
| No rating | Internal Ports Scanning via Blind SSRF | Information Disclosure | tungpun | Time to triage: 0 Days and 1 hours; Time to close: 0 Days and 0 hours | Resolved |