Mixmax: Stored XSS templates -> 'call for action' feature
2017-06-08T08:04:58
ID H1:237927 Type hackerone Reporter r0h17 Modified 2017-06-09T17:41:09
Description
Hi Jeff,
Reporting the Stored XSS in the template section on the 'call for action' button. (Already discussed in mail)
1] Log in to Mixmax and navigate to the template section
2] Click on enhance and select the call for action button
3] Enter anything as the button text, and in the URL field enter the XSS payload (javascript:alert(document.cookie))
4] Insert the button and click it to execute the XSS.
Impact: XSS can be stored in a template, and when a team manager/admin uses that template and clicks the button, our XSS executes.
Thank you
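The bug class in this report is a user-controlled link target being written into an href without a scheme check, so a javascript: URL is stored in the template and runs in the browser of whoever clicks the rendered button. The following is an added example, not code from the report or from Mixmax, showing how such a link target can be validated before storage: the URL is parsed with the WHATWG URL API and its normalized scheme compared against an allow-list, so mixed case, leading whitespace and embedded tab/newline variants of the payload are caught the same way a browser would resolve them. The allowed schemes, the base URL, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not Mixmax's code): validating a user-supplied link target
// before it becomes the href of a stored "call to action" button.
// The WHATWG URL API (global URL in Node and browsers) is used so scheme
// tricks resolve the same way the browser would when the link is clicked.

const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]); // assumed policy
const DEFAULT_BASE = "https://example.invalid/"; // assumed base for relative input

// Return the normalized absolute URL if its scheme is allowed, otherwise null.
function safeHref(input, base = DEFAULT_BASE) {
  if (typeof input !== "string") return null;
  let url;
  try {
    url = new URL(input, base);
  } catch {
    return null; // unparsable input is rejected, not passed through
  }
  // Compare the parser-normalized scheme, not the raw string: the parser
  // lowercases the scheme, strips leading/trailing spaces and C0 controls,
  // and removes tabs and newlines, so "JaVaScRiPt:", "  javascript:" and
  // "java\tscript:" all normalize to "javascript:" and are refused here.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Minimal escaping for HTML text and double-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Vulnerable rendering: the href is interpolated as-is, which is the
// pattern that lets javascript:alert(document.cookie) reach the DOM.
function renderButtonUnsafe(text, href) {
  return `<a class="cta" href="${href}">${text}</a>`;
}

// Hardened rendering: scheme allow-list on the URL, escaping on both fields.
function renderButtonSafe(text, href) {
  const target = safeHref(href);
  if (target === null) throw new Error("rejected unsafe link target");
  return `<a class="cta" href="${escapeHtml(target)}">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs: the report's payload, common evasions, and
// legitimate targets that a call-to-action button should still accept.
const SAMPLES = [
  "javascript:alert(document.cookie)",
  "JaVaScRiPt:alert(1)",
  "  javascript:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
  "https://example.com/offer?ref=team",
  "mailto:sales@example.com",
  "/promo",
];

// Classify each sample; returns [{ input, href }] with href null when rejected.
function audit(samples) {
  return samples.map((input) => ({ input, href: safeHref(input) }));
}

for (const { input, href } of audit(SAMPLES)) {
  console.log(`${href === null ? "REJECT" : "ALLOW "} ${JSON.stringify(input)} -> ${href}`);
}
```

Note that an HTML-entity form such as `javascript&#58;alert(1)` is not a scheme to the URL parser; it resolves as a relative path under the base, and because the hardened renderer escapes the `&` in the attribute it is also never decoded back into `javascript:` by the browser. The allow-list should be applied when the template is saved and again when it is rendered, since stored content may predate the check.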
Reference: https://hackerone.com/reports/237927 (program: https://hackerone.com/mixmax; reporter: r0h17; bounty state: resolved; no CVE assigned)