XSS and iframe injection on tiktok ads portal using redirect params
π https://hackerone.com/reports/1514554
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #cancerz
πΉ State: π’ Resolved
πΉ Disclosed: May 19, 2022, 2:49am (UTC)
π https://hackerone.com/reports/1514554
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #cancerz
πΉ State: π’ Resolved
πΉ Disclosed: May 19, 2022, 2:49am (UTC)
Email html Injection
π https://hackerone.com/reports/1461194
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Slack
πΉ Reported By: #smitgharat0001
πΉ State: π’ Resolved
πΉ Disclosed: May 19, 2022, 1:03pm (UTC)
π https://hackerone.com/reports/1461194
πΉ Severity: Low | π° 250 USD
πΉ Reported To: Slack
πΉ Reported By: #smitgharat0001
πΉ State: π’ Resolved
πΉ Disclosed: May 19, 2022, 1:03pm (UTC)
π2
Stored XSS in repository file viewer
π https://hackerone.com/reports/1072868
πΉ Severity: Medium | π° 2,000 USD
πΉ Reported To: GitLab
πΉ Reported By: #kannthu
πΉ State: π’ Resolved
πΉ Disclosed: May 19, 2022, 3:19pm (UTC)
π https://hackerone.com/reports/1072868
πΉ Severity: Medium | π° 2,000 USD
πΉ Reported To: GitLab
πΉ Reported By: #kannthu
πΉ State: π’ Resolved
πΉ Disclosed: May 19, 2022, 3:19pm (UTC)
8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory
π https://hackerone.com/reports/1400357
πΉ Severity: Medium
πΉ Reported To: 8x8
πΉ Reported By: #huntinex
πΉ State: π’ Resolved
πΉ Disclosed: May 19, 2022, 5:01pm (UTC)
π https://hackerone.com/reports/1400357
πΉ Severity: Medium
πΉ Reported To: 8x8
πΉ Reported By: #huntinex
πΉ State: π’ Resolved
πΉ Disclosed: May 19, 2022, 5:01pm (UTC)
Sensitive files/ data exists post deletion of user account
π https://hackerone.com/reports/1222873
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #geekysherlock
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 9:25am (UTC)
π https://hackerone.com/reports/1222873
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #geekysherlock
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 9:25am (UTC)
π2
Nextcloud Deck : Possibility for anyone to add a stack with existing tasks on anyone's board
π https://hackerone.com/reports/1450117
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #supr4s
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 10:37am (UTC)
π https://hackerone.com/reports/1450117
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #supr4s
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 10:37am (UTC)
Error in Deleting Deck cards attachment reveals the full path of the website
π https://hackerone.com/reports/1354334
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #ctulhu
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 2:04pm (UTC)
π https://hackerone.com/reports/1354334
πΉ Severity: Low | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #ctulhu
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 2:04pm (UTC)
Arbitrary POST request as victim user from HTML injection in Jupyter notebooks
π https://hackerone.com/reports/1409788
πΉ Severity: High | π° 8,690 USD
πΉ Reported To: GitLab
πΉ Reported By: #joaxcar
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 2:32pm (UTC)
π https://hackerone.com/reports/1409788
πΉ Severity: High | π° 8,690 USD
πΉ Reported To: GitLab
πΉ Reported By: #joaxcar
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 2:32pm (UTC)
π2
Clickjacking at app.lemlist.com
π https://hackerone.com/reports/1574017
πΉ Severity: High
πΉ Reported To: lemlist
πΉ Reported By: #ondermedia
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 3:04pm (UTC)
π https://hackerone.com/reports/1574017
πΉ Severity: High
πΉ Reported To: lemlist
πΉ Reported By: #ondermedia
πΉ State: π’ Resolved
πΉ Disclosed: May 20, 2022, 3:04pm (UTC)
π1
Possible Domain Takeover on AWS Instance.
π https://hackerone.com/reports/1390782
πΉ Severity: Low
πΉ Reported To: Rocket.Chat
πΉ Reported By: #samuelsiv
πΉ State: π’ Resolved
πΉ Disclosed: May 22, 2022, 8:18pm (UTC)
π https://hackerone.com/reports/1390782
πΉ Severity: Low
πΉ Reported To: Rocket.Chat
πΉ Reported By: #samuelsiv
πΉ State: π’ Resolved
πΉ Disclosed: May 22, 2022, 8:18pm (UTC)
π1
Email Verification Bypass by bruteforcing when setting up 2FA
π https://hackerone.com/reports/1394984
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Evernote
πΉ Reported By: #cyberworlcload
πΉ State: π’ Resolved
πΉ Disclosed: May 22, 2022, 9:41pm (UTC)
π https://hackerone.com/reports/1394984
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Evernote
πΉ Reported By: #cyberworlcload
πΉ State: π’ Resolved
πΉ Disclosed: May 22, 2022, 9:41pm (UTC)
[Java]: Flow sources and steps for JMS and RabbitMQ
π https://hackerone.com/reports/1579235
πΉ Severity: Medium
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #not_specified
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 8:45pm (UTC)
π https://hackerone.com/reports/1579235
πΉ Severity: Medium
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #not_specified
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 8:45pm (UTC)
[python]: Zip Slip Vulnerability
π https://hackerone.com/reports/1572496
πΉ Severity: Low | π° 1,000 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #farid_hunter
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 8:46pm (UTC)
π https://hackerone.com/reports/1572496
πΉ Severity: Low | π° 1,000 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #farid_hunter
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 8:46pm (UTC)
β€2
Stored XSS in photos_user_map.gne
π https://hackerone.com/reports/1534636
πΉ Severity: High | π° 3,263 USD
πΉ Reported To: Flickr
πΉ Reported By: #keer0k
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 11:21pm (UTC)
π https://hackerone.com/reports/1534636
πΉ Severity: High | π° 3,263 USD
πΉ Reported To: Flickr
πΉ Reported By: #keer0k
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 11:21pm (UTC)
Open redirect bypass
π https://hackerone.com/reports/1513031
πΉ Severity: Low | π° 300 USD
πΉ Reported To: Flickr
πΉ Reported By: #xlord91
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 11:23pm (UTC)
π https://hackerone.com/reports/1513031
πΉ Severity: Low | π° 300 USD
πΉ Reported To: Flickr
πΉ Reported By: #xlord91
πΉ State: π’ Resolved
πΉ Disclosed: May 23, 2022, 11:23pm (UTC)
Cross-site scripting on dashboard2.omise.co
π https://hackerone.com/reports/1532858
πΉ Severity: Critical | π° 200 USD
πΉ Reported To: Omise
πΉ Reported By: #oblivionlight
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 11:54am (UTC)
π https://hackerone.com/reports/1532858
πΉ Severity: Critical | π° 200 USD
πΉ Reported To: Omise
πΉ Reported By: #oblivionlight
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 11:54am (UTC)
[com.exness.android.pa Android] Universal XSS in webview. Lead to steal user cookies
π https://hackerone.com/reports/532836
πΉ Severity: No Rating | π° 400 USD
πΉ Reported To: EXNESS
πΉ Reported By: #nearsecurity
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 3:24pm (UTC)
π https://hackerone.com/reports/532836
πΉ Severity: No Rating | π° 400 USD
πΉ Reported To: EXNESS
πΉ Reported By: #nearsecurity
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 3:24pm (UTC)
Critical broken cookie signing on dagobah.flickr.com
π https://hackerone.com/reports/1440290
πΉ Severity: Medium | π° 479 USD
πΉ Reported To: Flickr
πΉ Reported By: #ian
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 11:56pm (UTC)
π https://hackerone.com/reports/1440290
πΉ Severity: Medium | π° 479 USD
πΉ Reported To: Flickr
πΉ Reported By: #ian
πΉ State: π’ Resolved
πΉ Disclosed: May 24, 2022, 11:56pm (UTC)
π€1
Email templates XSS by filterXSS bypass
π https://hackerone.com/reports/1404804
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Judge.me
πΉ Reported By: #caue
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 7:45am (UTC)
π https://hackerone.com/reports/1404804
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Judge.me
πΉ Reported By: #caue
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 7:45am (UTC)
Stored XSS in Notes (with CSP bypass for gitlab.com)
π https://hackerone.com/reports/1481207
πΉ Severity: High | π° 13,950 USD
πΉ Reported To: GitLab
πΉ Reported By: #joaxcar
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 12:09pm (UTC)
π https://hackerone.com/reports/1481207
πΉ Severity: High | π° 13,950 USD
πΉ Reported To: GitLab
πΉ Reported By: #joaxcar
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 12:09pm (UTC)
π₯2π1
Blind XSS in app.pullrequest.com/ββββββββ via /reviews/ratings/{uuid}
π https://hackerone.com/reports/1558010
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: HackerOne
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 4:28pm (UTC)
π https://hackerone.com/reports/1558010
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: HackerOne
πΉ Reported By: #bugra
πΉ State: π’ Resolved
πΉ Disclosed: May 25, 2022, 4:28pm (UTC)
π1π₯1