Public Mixmax bug reports.

Team Bounty Title
Mixmax - Public calendar link can be invisible
Mixmax - SSRF via webhook
Mixmax - Improper parsing of input could lead to future XSS vulnerabilities in Sequences
Mixmax - Design issue with webhook (several) notifications on mixmax.com
Mixmax - Stored XSS in Templates>Enhance>Social Badges
Mixmax - Stored XSS templates -> 'call for action' feature
Mixmax - no string size restriction on team name
Mixmax - [app.mixmax.com] Stored XSS on Adding new enhancement.
Mixmax - Email Leakage in staging environment
Mixmax - Blind SSRF due to img tag injection in career form
Mixmax - Missing restriction on string size of contact field
Mixmax - [compose.mixmax.com] Stored XSS on compose.mixmax.com in contact names.
Mixmax - Privilege escalation - User who does not have access is able to add notes to the contact
Mixmax - CRLF Injection on https://vpn.mixmax.com
Mixmax - Clickjacking on Mixmax.com
Mixmax - Security Vulnerability - SMTP protection not used
Mixmax - Subdomain takeover (sales.mixmax.com)
Mixmax - Possible Subdomain Takeover
Mixmax - Attacker can trick others into logging in as themselves
Mixmax - mailbomb through invite feature on chrome addon
Mixmax - CSRF