8x8 - HackerOne Reports
View on HackerOne70
Total Reports
6
Critical
20
High
27
Medium
17
Low
Open Redirect on https://██.8x8.com/login?nextPage=%2F
Reported by:
0x7v
|
Disclosed:
Low
Weakness: Open Redirect
Xss (cross site scripting) on http://axa.dxi.eu/
Reported by:
madrobot
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS on http://axa.dxi.eu
Reported by:
madrobot
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
[CRITICAL] Sql Injection on http://axa.dxi.eu
Reported by:
madrobot
|
Disclosed:
Critical
Weakness: SQL Injection
████ api key exposed in github.com/███/███
Reported by:
adnanmalikinfo
|
Disclosed:
High
Weakness: Cleartext Storage of Sensitive Information
DNS Misconfiguration (Subdomain Takeover) ███████.8x8.com
Reported by:
melbadry9
|
Disclosed:
High
Weakness: Privilege Escalation
Post based XSS (Cross site scripting) on https://apimgr.8x8.com
Reported by:
madrobot
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
[CRITICAL] Remote code execution on http://axa.dxi.eu
Reported by:
madrobot
|
Disclosed:
Critical
Weakness: Code Injection
Bypass Email activation on http://axa.dxi.eu
Reported by:
madrobot
|
Disclosed:
High
Weakness: Improper Access Control - Generic
DNS Misconfiguration (Subdomain Takeover) ███.wavecell.com
Reported by:
melbadry9
|
Disclosed:
High
Weakness: Privilege Escalation
(Critical) Remote Code Execution Through Old TinyMCE upload bypass
Reported by:
konqi
|
Disclosed:
High
Weakness: Code Injection
speedtest.8x8.com: Enabled Directory Listing
Reported by:
shriyanss
|
Disclosed:
Low
Weakness: Information Exposure Through Directory Listing
Directory Listing at https://█.█.█.█
Reported by:
shuvam321
|
Disclosed:
Low
Weakness: File and Directory Information Exposure
wavecell.com: Broken Link Hijacking / Instagram Takeover @██
Reported by:
xxxdopa
|
Disclosed:
Low
Weakness: Externally Controlled Reference to a Resource in Another Sphere
Subdomain takeover of ███.wavecell.com
Reported by:
ian
|
Disclosed:
High
Weakness: Privilege Escalation
vidyard api auth_token exposed
Reported by:
stilou
|
Disclosed:
Medium
Weakness: Information Disclosure
Subdomain Takeover at http://██.get8x8.com/
Reported by:
testingforbugs
|
Disclosed:
Medium
Weakness: Leftover Debug Code (Backdoor)
Directory Listing vulnerability on █.packet8.net/php/include/
Reported by:
rajauzairabdullah
|
Disclosed:
Low
Weakness: Information Exposure Through Directory Listing
Remote Code Execution on ██.8x8.com via .NET VSTATE Deserialization
Reported by:
0daystolive
|
Disclosed:
Critical
Weakness: Code Injection
Hardcoded credentials in Android App
Reported by:
madrobot
|
Disclosed:
High
Weakness: Information Disclosure
Page 1 of 4
Next