Loading HuntDB...

HackerOne Reports

Search through disclosed security reports

10,350 reports found
## Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS) Reference: https://wpvulndb.com/vulnerabilities/9230 Reference: https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b Reference: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/ Reference: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/ Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787 ## Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation Reference: https://wpvulndb.com/vulnerabilities/9867 Reference: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/ Reference: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68 Reference: https://hackerone.com/reports/339483 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222 ## Title: WordPress 5.0-5.2.2 - Authenticated Stored XSS in Shortcode …
Hi, the .json endpoint of any disclosed report is leaking the reporter's email, OTP backup codes, reporter's phone number, "graphql_secret_token", t-shirt size, all the reporter account's internal details, etc. `GET /reports/█████.json HTTP/2 Host: hackerone.com` * I was checking Hackerone's disclosed report ██████████ and suddenly during the check found the .json endpoint is …
## Summary: - Target URL: `https://www.opn.ooo/th-en/` (Footer Section) - Affected Component: - The Facebook icon in the footer links to: `https://www.facebook.com/Opnglobal` - This link is broken (leads to a "Deleted account" error). ## Steps To Reproduce: - Go to https://www.opn.ooo/th-en/ and click on the Facebook icon - You will be redirected to https://www.facebook.com/Opnglobal …
## Summary: Using `--path-as-is` with a `file://` URL skips normalization of `..` segments, allowing reading of any local file the process can access. ## Affected version `* curl 8.15.0-DEV (commit 2a9dfe275, June 27, 2025) on Kali Linux 2024.3, x86_64` ## Steps To Reproduce: 1. Build curl with debug and ASan: …
Hi team. ## Summary CVE-2020-6287 https://redapi2.acronis.com https://nvd.nist.gov/vuln/detail/CVE-2020-6287 >SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to …
Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. ## Impact https://jira.atlassian.com/browse/JRASERVER-71536 https://hackerone.com/reports/1003980 ## System Host(s) ████ ## Affected Product(s) and Version(s) ## CVE Numbers CVE-2020-14179 ## …
Upstream Bug --- https://bugs.php.net/bug.php?id=72860 Summary -- wddx_deserialize allows unserializing a WDDX packet that usually comes from external input. While WDDX tries to deserialize the "recordset" element, a use-after-free happens if the close tag for the field is not found. Patch -- ``` http://git.php.net/?p=php-src.git;a=commit;h=780daee62b55995a10f8e849159eff0a25bacb9d ``` Fixed for PHP 5.6.26 and 7.0.11 -- …
fms
Hello Yelp, old unused password reset tokens are not expiring on yelp.com after the issuance of a new token. EXPLANATION: Suppose at 09:00 hrs I used the password reset option of Yelp and got a token in my email. Let's call it token_01. But I did not use it. And at 09:04 …
**"Cricetinae"** :) ### Short Description The **dbName** parameter in Step 2 of the Installation Wizard is vulnerable to Cross-Site Scripting when the form is returned with an error. ### Vulnerability Details A Cross-Site Scripting issue lets one run JavaScript of their choice. It enables most of the client-side risks including …
Hello Rubygems, this is my first report on HackerOne, so please tell me if you need further information. This vulnerability/glitch uses the 'Edit Profile' page. How to do it: 1. Log in to any account on Rubygems 2. Go to your profile 3. Go to 'Edit Profile' 4. In Handle, put …
Hi there, I found a vulnerability on https://my.stripo.email/cabinet/#/users/orog_id. Generally every user has an organisation and the organisation contains projects. Let's suppose: [email protected] is the owner of the project and [email protected] was invited to his project as admin. In the normal situation the owner cannot be …
## Introduction A little bit about rate limiting: a rate limiting algorithm is used to check if the user session (or IP address) has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP servers can respond with …
rubygems.org is vulnerable to host header injection because the host header can be changed to something outside the target domain. Attack vectors are somewhat limited but depend on how the host header is used by the back-end application code. If code references the hostname used in the URL, such as …