Public Mixmax bug reports.

Team Bounty Title
Mixmax - Public calendar link can be invisible
Mixmax - SSRF via webhook
Mixmax - Improper parsing of input could lead to future XSS vulnerabilities in Sequences
Mixmax - Design issue with webhook (several) notifications on
Mixmax - Stored XSS in Templates>Enahance>Social Badges
Mixmax - Stored XSS templates -> 'call for action' feature
Mixmax - no string size restriction on team name
Mixmax - [] Stored XSS on Adding new enhancement.
Mixmax - Email Leakage in staging environment
Mixmax - Blind SSRF due to img tag injection in career form
Mixmax - Missing restriction on string size of contact field
Mixmax - [] Stored XSS on in contact names.
Mixmax - Privilege escalation-User who does not have access is able to add notes to the contact
Mixmax - CRLF Injection on
Mixmax - Clickjacking on
Mixmax - Security Vulnerability - SMTP protection not used
Mixmax - Subdomain takeover (
Mixmax - Possible Subdomain Takeover
Mixmax - Attacker can trick other into logging in as themselves
Mixmax - mailbomb through invite feature on chrome addon
Mixmax - CSRF