XSS Reflected - ███
👉 https://hackerone.com/reports/1223575
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #drauschkolb
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:50pm (UTC)
Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https://███/
👉 https://hackerone.com/reports/1092125
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:53pm (UTC)
Open Akamai ARL XSS at ████████
👉 https://hackerone.com/reports/1317031
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:54pm (UTC)
XSS on https://████/ via ███████ parameter
👉 https://hackerone.com/reports/1251868
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:55pm (UTC)
XSS on https://██████/███ via █████ parameter
👉 https://hackerone.com/reports/1252059
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:56pm (UTC)
XSS on https://███████/██████████ parameter
👉 https://hackerone.com/reports/1252229
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:57pm (UTC)
XSS on https://████████/████' parameter
👉 https://hackerone.com/reports/1252020
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:57pm (UTC)
SQL Injection in █████
👉 https://hackerone.com/reports/1489744
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lubak
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:59pm (UTC)
Cross-site Scripting (XSS) - Reflected at https://██████████/
👉 https://hackerone.com/reports/1370746
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mamunwhh
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:00pm (UTC)
Authorization bypass -> IDOR -> PII Leakage
👉 https://hackerone.com/reports/1489470
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lubak
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:02pm (UTC)
Broken access control, can lead to legitimate user data loss
👉 https://hackerone.com/reports/1493007
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lubak
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:03pm (UTC)
username and password leaked via pptx for █████████ website
👉 https://hackerone.com/reports/1512199
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ibrahimatix_
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:04pm (UTC)
[CVE-2020-3452] on ███████
👉 https://hackerone.com/reports/1234925
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #splint3rsec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:06pm (UTC)
[www.█████] Path-based reflected Cross Site Scripting
👉 https://hackerone.com/reports/1159371
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #geeknik
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:08pm (UTC)
Reflected XSS on [█████████]
👉 https://hackerone.com/reports/1267380
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #saajanbhujel
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:09pm (UTC)
Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII
👉 https://hackerone.com/reports/1148697
🔹 Severity: High | 💰 10,250 USD
🔹 Reported To: Uber
🔹 Reported By: #hunt4p1zza
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:49pm (UTC)
Exposed Golang Pprof debugger at https://cn-geo1.uber.com/
👉 https://hackerone.com/reports/1385906
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Uber
🔹 Reported By: #boobalan123
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:52pm (UTC)
Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection.
👉 https://hackerone.com/reports/1444675
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Omise
🔹 Reported By: #oblivionlight
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 6:45am (UTC)
Found Origin IP's Lead To Access To kraden.com
👉 https://hackerone.com/reports/1531183
🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: Kraden
🔹 Reported By: #4bhin8v
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 10:04am (UTC)
Folder architecture and Filesizes of private file drop shares can be getten
👉 https://hackerone.com/reports/1337422
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #shakierbellows
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 1:08pm (UTC)
HTML injection through Invite Teammate email
👉 https://hackerone.com/reports/1482057
🔹 Severity: Low
🔹 Reported To: SecurityScorecard
🔹 Reported By: #cryptoknight028
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 5:25pm (UTC)