Stored XSS in Document Title
👉 https://hackerone.com/reports/1321407
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Localize
🔹 Reported By: #thd3r7
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 2:00pm (UTC)
👉 https://hackerone.com/reports/1321407
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Localize
🔹 Reported By: #thd3r7
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 2:00pm (UTC)
CVE-2021-3711: SM2 decrypt buffer overflow
👉 https://hackerone.com/reports/1352429
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ouyang
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 6:19pm (UTC)
👉 https://hackerone.com/reports/1352429
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ouyang
🔹 State: 🟢 Resolved
🔹 Disclosed: September 27, 2021, 6:19pm (UTC)
[mtn.com.af] Multiple vulnerabilities allow to Application level DoS
👉 https://hackerone.com/reports/946578
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 4:52am (UTC)
👉 https://hackerone.com/reports/946578
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 4:52am (UTC)
[ii.worki.ru ] emarsys subdomain takeover
👉 https://hackerone.com/reports/1287686
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #uddeshaya001
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 6:20am (UTC)
👉 https://hackerone.com/reports/1287686
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #uddeshaya001
🔹 State: 🟢 Resolved
🔹 Disclosed: September 28, 2021, 6:20am (UTC)
HTTP Request Smuggling on api.flocktory.com Leads to XSS on Customer Sites
👉 https://hackerone.com/reports/955170
🔹 Severity: Critical | 💰 300 USD
🔹 Reported To: QIWI
🔹 Reported By: #wdahlenb
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 1:55pm (UTC)
👉 https://hackerone.com/reports/955170
🔹 Severity: Critical | 💰 300 USD
🔹 Reported To: QIWI
🔹 Reported By: #wdahlenb
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 1:55pm (UTC)
Information disclosure at '████████' --- CVE-2020-14179
👉 https://hackerone.com/reports/1336397
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x3f
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:43pm (UTC)
👉 https://hackerone.com/reports/1336397
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x3f
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:43pm (UTC)
███████ - XSS - CVE-2020-3580
👉 https://hackerone.com/reports/1243650
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pr3r00t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:44pm (UTC)
👉 https://hackerone.com/reports/1243650
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pr3r00t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 29, 2021, 5:44pm (UTC)
Vulnerable Jira Instance
👉 https://hackerone.com/reports/1352461
🔹 Severity: Medium
🔹 Reported To: OneWeb
🔹 Reported By: #lesleybw
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2021, 11:00am (UTC)
👉 https://hackerone.com/reports/1352461
🔹 Severity: Medium
🔹 Reported To: OneWeb
🔹 Reported By: #lesleybw
🔹 State: 🟢 Resolved
🔹 Disclosed: September 30, 2021, 11:00am (UTC)
Broken Link on TikTokUS.Info
👉 https://hackerone.com/reports/1338457
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #siratsami
🔹 State: 🟢 Resolved
🔹 Disclosed: October 1, 2021, 11:34pm (UTC)
👉 https://hackerone.com/reports/1338457
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #siratsami
🔹 State: 🟢 Resolved
🔹 Disclosed: October 1, 2021, 11:34pm (UTC)
Path Traversal on meetcqpub1.gsa.gov allows attackers to see arbitrary file listings.
👉 https://hackerone.com/reports/1313040
🔹 Severity: Low
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: October 2, 2021, 5:52pm (UTC)
👉 https://hackerone.com/reports/1313040
🔹 Severity: Low
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: October 2, 2021, 5:52pm (UTC)
Denial of Service via Hyperlinks in Posts
👉 https://hackerone.com/reports/1077136
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #joaovitormaia
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2021, 1:52pm (UTC)
👉 https://hackerone.com/reports/1077136
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Slack
🔹 Reported By: #joaovitormaia
🔹 State: 🟢 Resolved
🔹 Disclosed: October 3, 2021, 1:52pm (UTC)
Using gossip to drain miner wallets
👉 https://hackerone.com/reports/1058879
🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Zilliqa
🔹 Reported By: #ahook
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 5:24am (UTC)
👉 https://hackerone.com/reports/1058879
🔹 Severity: Critical | 💰 10,000 USD
🔹 Reported To: Zilliqa
🔹 Reported By: #ahook
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 5:24am (UTC)
No Rate Limiting on /reset-password-request/ endpoint
👉 https://hackerone.com/reports/1331268
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #1bdool492
🔹 State: 🔴 N/A
🔹 Disclosed: October 4, 2021, 1:50pm (UTC)
👉 https://hackerone.com/reports/1331268
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #1bdool492
🔹 State: 🔴 N/A
🔹 Disclosed: October 4, 2021, 1:50pm (UTC)
SSRF bypass
👉 https://hackerone.com/reports/863221
🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 3:53pm (UTC)
👉 https://hackerone.com/reports/863221
🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 3:53pm (UTC)
Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text"
👉 https://hackerone.com/reports/616770
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #bl4de
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 4:43pm (UTC)
👉 https://hackerone.com/reports/616770
🔹 Severity: Medium
🔹 Reported To: Concrete CMS
🔹 Reported By: #bl4de
🔹 State: 🟢 Resolved
🔹 Disclosed: October 4, 2021, 4:43pm (UTC)
bypass sql injection #1109311
👉 https://hackerone.com/reports/1224660
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
👉 https://hackerone.com/reports/1224660
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Acronis
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
No server side check on terms of service page which leads to bypass
👉 https://hackerone.com/reports/1338256
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #hackipie
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
👉 https://hackerone.com/reports/1338256
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #hackipie
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 5, 2021, 9:19am (UTC)
Domain does not Match SSL Certificate
👉 https://hackerone.com/reports/1341142
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #skimask
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:20am (UTC)
👉 https://hackerone.com/reports/1341142
🔹 Severity: Medium
🔹 Reported To: Acronis
🔹 Reported By: #skimask
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 9:20am (UTC)
Ability to subscribe to inactive Post+ creators
👉 https://hackerone.com/reports/1322334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ajoekerr
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 1:00pm (UTC)
👉 https://hackerone.com/reports/1322334
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Automattic
🔹 Reported By: #ajoekerr
🔹 State: 🟢 Resolved
🔹 Disclosed: October 5, 2021, 1:00pm (UTC)
Improper Validation at Partners Login
👉 https://hackerone.com/reports/990048
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Zomato
🔹 Reported By: #ashoka_rao
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 8:25am (UTC)
👉 https://hackerone.com/reports/990048
🔹 Severity: Critical | 💰 2,000 USD
🔹 Reported To: Zomato
🔹 Reported By: #ashoka_rao
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 8:25am (UTC)
CVE-2021-40870 on [52.204.160.31]
👉 https://hackerone.com/reports/1356845
🔹 Severity: Critical | 💰 1,760 USD
🔹 Reported To: Elastic
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 4:06pm (UTC)
👉 https://hackerone.com/reports/1356845
🔹 Severity: Critical | 💰 1,760 USD
🔹 Reported To: Elastic
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2021, 4:06pm (UTC)