Bugpoint – Telegram
1.05K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣


#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Stored XSS on the "Edit driver" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050030

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
Stored XSS on the "Edit client" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050022

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
Stored XSS on the "Edit client" page, "History" tab [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050047

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
Stored XSS on the "Mail" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1050054

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
XSS on the "Create driver" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1057971

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
XSS when editing a vehicle on the "Control" page [city-mobil.ru/taxiserv]

👉 https://hackerone.com/reports/1061439

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kwel
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 11:19am (UTC)
PHP Code Injection through "previewBlock()" method

👉 https://hackerone.com/reports/1092574

🔹 Severity: High
🔹 Reported To: Invision Power Services, Inc.
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: May 28, 2021, 4:50pm (UTC)
[www.drive2.ru] Insufficient Session Expiration - Previously issued email change tokens do not expire upon issuing a new email change token

👉 https://hackerone.com/reports/1006677

🔹 Severity: Low
🔹 Reported To: DRIVE.NET, Inc.
🔹 Reported By: #what_web
🔹 State: 🟢 Resolved
🔹 Disclosed: May 29, 2021, 8:03am (UTC)
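The drive2.ru report above describes one specific failure mode: an email-change token issued earlier keeps working after a newer one is issued for the same account. The following is an added example written for this page, not drive2.ru's code, showing why a token store keyed by token has that property and how a store keyed by user (one live token per user, newest wins, single use, time-limited) does not. The service classes, the in-memory dicts standing in for a database table, and the explicit `now` timestamps (so expiry can be exercised without sleeping) are all assumptions of the example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Illustrative example, not drive2.ru's code. The dicts stand in for a token
# table; timestamps are passed in explicitly so expiry is testable offline.

TOKEN_TTL_SECONDS = 3600


@dataclass
class PendingChange:
    user_id: int
    new_email: str
    token: str
    issued_at: int


class VulnerableEmailChangeService:
    """Keyed by token: issuing a new token leaves every earlier one valid."""

    def __init__(self) -> None:
        self._by_token: Dict[str, PendingChange] = {}

    def issue(self, user_id: int, new_email: str, now: int) -> str:
        token = secrets.token_urlsafe(32)
        # Nothing here touches the user's previous entries, so they stay live.
        self._by_token[token] = PendingChange(user_id, new_email, token, now)
        return token

    def confirm(self, token: str, now: int) -> Optional[str]:
        req = self._by_token.pop(token, None)
        if req is None or now - req.issued_at > TOKEN_TTL_SECONDS:
            return None
        return req.new_email


class EmailChangeService:
    """Keyed by user: at most one live token per user, the newest one."""

    def __init__(self) -> None:
        self._by_user: Dict[int, PendingChange] = {}

    def issue(self, user_id: int, new_email: str, now: int) -> str:
        token = secrets.token_urlsafe(32)
        # Overwriting the user's single slot supersedes any earlier token.
        self._by_user[user_id] = PendingChange(user_id, new_email, token, now)
        return token

    def confirm(self, user_id: int, token: str, now: int) -> Optional[str]:
        req = self._by_user.get(user_id)
        if req is None:
            return None
        if now - req.issued_at > TOKEN_TTL_SECONDS:
            del self._by_user[user_id]  # expired: drop it
            return None
        # Constant-time compare; the token is the only secret in the exchange.
        if not hmac.compare_digest(req.token, token):
            return None
        del self._by_user[user_id]  # single use
        return req.new_email


def demo() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Issue two tokens in a row and try the first one against each service."""
    vuln = VulnerableEmailChangeService()
    old = vuln.issue(42, "first@example.test", now=1000)
    vuln.issue(42, "second@example.test", now=1010)
    stale_accepted = vuln.confirm(old, now=1020)  # "first@example.test": the bug

    fixed = EmailChangeService()
    old = fixed.issue(42, "first@example.test", now=1000)
    new = fixed.issue(42, "second@example.test", now=1010)
    stale_rejected = fixed.confirm(42, old, now=1020)  # None
    current_ok = fixed.confirm(42, new, now=1020)      # "second@example.test"
    return stale_accepted, stale_rejected, current_ok


if __name__ == "__main__":
    print(demo())
```

The same "one slot per user" rule is what you want for any re-issuable secret link (password reset, email verification): if the store is keyed by the secret, re-issuing must explicitly delete the user's older rows, which is the step that was missing in the report.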
Subdomain takeover of www2.growasyouplan.com

👉 https://hackerone.com/reports/1179193

🔹 Severity: Medium
🔹 Reported To: Palo Alto Software
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: May 29, 2021, 7:29pm (UTC)
Default Nextcloud server config and iOS Nextcloud client leak sharee searches to Nextcloud

👉 https://hackerone.com/reports/1167919

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: May 31, 2021, 10:52am (UTC)
Create alias does not validate account id

👉 https://hackerone.com/reports/1129996

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 8:40am (UTC)
xmlrpc.php is publicly available at https://stories.showmax.com/xmlrpc.php

👉 https://hackerone.com/reports/1212760

🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Showmax
🔹 Reported By: #mdakh404
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 9:56am (UTC)
Take over a mail account due to missing validation of account id

👉 https://hackerone.com/reports/1094063

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #kesselb
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 6:10pm (UTC)
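The two Nextcloud reports by kesselb above ("Create alias does not validate account id" and "Take over a mail account due to missing validation of account id") share one root cause named in their titles: a handler takes an account id from the request and never checks that the caller owns it. The following is an added example, not Nextcloud Mail's code, contrasting that pattern with a lookup scoped to the current user. The `MailAccount` shape, the `make_accounts()` sample data, and the `update_account` path (assumed here as the edit operation a takeover would go through) are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Illustrative example, not Nextcloud Mail's code. make_accounts() returns
# constructed sample data standing in for an accounts table; the current user
# is passed in explicitly where a real app would take it from the session.


class Forbidden(Exception):
    pass


@dataclass
class MailAccount:
    id: int
    owner_uid: str
    email: str
    imap_host: str
    aliases: List[str] = field(default_factory=list)


def make_accounts() -> Dict[int, MailAccount]:
    return {
        1: MailAccount(1, "alice", "alice@example.test", "imap.example.test"),
        2: MailAccount(2, "bob", "bob@example.test", "imap.example.test"),
    }


def create_alias_vulnerable(accounts: Dict[int, MailAccount], current_uid: str,
                            account_id: int, alias: str) -> MailAccount:
    # Bug pattern: the account is fetched by id alone and current_uid is never
    # compared with the owner, so bob can add an alias to alice's account.
    account = accounts[account_id]
    account.aliases.append(alias)
    return account


def account_for_user(accounts: Dict[int, MailAccount], current_uid: str,
                     account_id: int) -> MailAccount:
    """Scope the lookup to the caller; an id owned by someone else is treated as absent."""
    account = accounts.get(account_id)
    if account is None or account.owner_uid != current_uid:
        # Same error for "missing" and "not yours": no oracle for which ids exist.
        raise Forbidden(f"account {account_id} is not accessible to {current_uid}")
    return account


def create_alias(accounts: Dict[int, MailAccount], current_uid: str,
                 account_id: int, alias: str) -> MailAccount:
    account = account_for_user(accounts, current_uid, account_id)
    account.aliases.append(alias)
    return account


def update_account(accounts: Dict[int, MailAccount], current_uid: str, account_id: int,
                   *, email: Optional[str] = None, imap_host: Optional[str] = None) -> MailAccount:
    """Every mutation of an account goes through the same ownership check."""
    account = account_for_user(accounts, current_uid, account_id)
    if email is not None:
        account.email = email
    if imap_host is not None:
        account.imap_host = imap_host
    return account


def attempt(handler: Callable[..., MailAccount], *args, **kwargs) -> bool:
    """True if the handler accepted the request, False if it refused with Forbidden."""
    try:
        handler(*args, **kwargs)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    accounts = make_accounts()
    create_alias_vulnerable(accounts, "bob", 1, "ceo@example.test")
    print("vulnerable handler, alice's aliases:", accounts[1].aliases)
    accounts = make_accounts()
    print("hardened handler, bob -> account 1:", attempt(create_alias, accounts, "bob", 1, "ceo@example.test"))
```

The practical check when reviewing such handlers: every query that takes an id from the request should also carry the caller's user id as a filter (or the result's owner should be compared before anything is mutated), and the "not found" and "not yours" cases should be indistinguishable to the client.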
DoS due to improper input validation can break admin access to a user's data, preventing the admin from editing that user's data.

👉 https://hackerone.com/reports/1147611

🔹 Severity: High | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #demonia
🔹 State: 🟢 Resolved
🔹 Disclosed: June 1, 2021, 6:29pm (UTC)
SSL certificate not validated when registering with a provider

👉 https://hackerone.com/reports/903424

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #icewater
🔹 State: 🟢 Resolved
🔹 Disclosed: June 2, 2021, 3:09am (UTC)
Persistent arbitrary code execution in Mattermost Android

👉 https://hackerone.com/reports/1115864

🔹 Severity: High | 💰 750 USD
🔹 Reported To: Mattermost
🔹 Reported By: #hulkvision_
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 10:40am (UTC)
Reflected XSS on /admin/stats.php

👉 https://hackerone.com/reports/1187820

🔹 Severity: Medium
🔹 Reported To: Revive Adserver
🔹 Reported By: #solov9ev
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 12:38pm (UTC)
Stored XSS at socialclub.rockstargames.com (add friend request from the attacker's profile)

👉 https://hackerone.com/reports/220852

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #ak1t4
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 12:46pm (UTC)
Reflected XSS on https://██████

👉 https://hackerone.com/reports/1154378

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #thiennv
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:22pm (UTC)
Reflected XSS through clickjacking at https://████

👉 https://hackerone.com/reports/1149144

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:23pm (UTC)
Reflected XSS at www.███████ at /██████████ via the ████████ parameter

👉 https://hackerone.com/reports/1173593

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #un4gi
🔹 State: 🟢 Resolved
🔹 Disclosed: June 3, 2021, 4:25pm (UTC)