HubSpot | writeups.xyz

Title	Vulnerabilities	Programs	Authors
HubSpot Full Account Takeover in Bug Bounty	Account Takeover Hyperlink Injection Password Reset	HubSpot	Omar Hashem (@OmarHashem666)
Saving more than 100,000 website from a Watering Hole attack	Web Cache Poisoning Watering Hole Attack	HubSpot	Mohamad Mahmoudi (@Lotus_619)
"A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild	Prototype Pollution XSS	Apple Atlassian Mozilla HubSpot Segment Analytics	Sergey Bobrov (@Black2fan) S1r1us (@S1r1u5_) Terjanq (@Terjanq) Beomjin Lee (@Po6ix) Masato Kinugawa (@Kinugawamasato) Nikita Stupin (@_Nikitastupin) Rahul Maini (@Iamnoooob) Harsh Jaiswal (@Rootxharsh) Mikhail Egorov (@0ang3el) Melar Dev (@Melardev)
RCE in Hubspot with EL injection in HubL	RCE	HubSpot	Fyoorer (@Ƒyoorer)
XSS at Hubspot and XSS in email areas.	XSS	HubSpot	Friendly (@SkeletorKeys)
Practical Web Cache Poisoning	Web Cache Poisoning	Mozilla HubSpot Cloudflare Binary.com Amazon (CloudFront)	James Kettle (@Albinowax)
Reflected XSS + Possible Server Side Template Injection in HubSpot CMS ( All Websites Uses HubSpot was affected )	Reflected XSS	HubSpot	Mohamed Haron (@M7mdharon)

Page 1 of 1