10th Acknowledgement From HubSpot

HubSpot is inbound marketing and sales software that helps companies attract visitors, convert leads, and close customers.

The website offers web-based online advertising tools that reduce our work considerably. They also have an Email Signature maker, which is vulnerable to Cross-Site Scripting (XSS). A friend recommended HubSpot Academy to me for its Email Marketing tutorials. I investigated the site and found that the Email Signature maker is vulnerable to Cross-Site Scripting (XSS). They also have a Responsible Disclosure program on Bugcrowd, although I had never noticed it.

Below I'll show you how I replicated Cross-Site Scripting (XSS) in HubSpot.

Go to HubSpot Email Signature maker.

In the Email Signature maker's required-data form, fill the fields with XSS payloads. The page refreshes right away in response to the form.

Hubspot Form

As the page loads the entered information, the JavaScript payload executes.

Hubspot XSS
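An added illustration, not part of the original post and not HubSpot's code, of the pattern behind this class of finding: a signature renderer that concatenates form fields into markup, next to a version that encodes output and validates the link scheme. The field names (`name`, `title`, `website`) and all function names are assumptions, and the sample input is constructed.

```javascript
// Added example: hypothetical signature-preview renderer, not HubSpot's code.
// Field names (name, title, website) are assumptions for illustration.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that let text break out of an HTML text node or attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only http(s) links; escaping alone does not neutralise javascript: URLs in href.
function safeHref(value) {
  try {
    const url = new URL(String(value).trim());
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : "#";
  } catch {
    return "#"; // not an absolute URL
  }
}

// Vulnerable pattern: form fields are concatenated into markup unmodified.
function renderSignatureUnsafe(f) {
  return `<div class="sig"><b>${f.name}</b><br>${f.title}<br>` +
         `<a href="${f.website}">${f.website}</a></div>`;
}

// Hardened pattern: encode for the HTML context and validate the URL scheme.
function renderSignatureSafe(f) {
  return `<div class="sig"><b>${escapeHtml(f.name)}</b><br>${escapeHtml(f.title)}<br>` +
         `<a href="${escapeHtml(safeHref(f.website))}">${escapeHtml(f.website)}</a></div>`;
}

// Constructed sample input (standard benign test strings, not taken from the report).
const sample = {
  name: '<img src=x onerror=alert(1)>',
  title: 'Security "Engineer" & Tester',
  website: "javascript:alert(1)",
};

console.log(renderSignatureUnsafe(sample)); // markup from the fields survives intact
console.log(renderSignatureSafe(sample));   // fields are rendered as inert text
```

In a browser, assigning field values through `textContent` rather than building HTML strings gives the same protection for text nodes; the scheme check is still needed for anything placed in `href`.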


The following day they replied:

This submission has been previously reported by another researcher. Thanks for the submission, this submission is duplicate of another submission. We appreciate your effort and we hope that you’ll continue to research and submit any future security issues you find.

After confirming the report, they acknowledged me by posting my name in HubSpot's security researcher Hall of Fame.

 Hubspot Hall of Fame

I am grateful to HubSpot for the acknowledgement. I'll test the site again when I get some time, and I'll do my best to find another interesting vulnerability. Thank you to HubSpot for the acknowledgement, and thank you too for your valuable time.
