Adobe - HackerOne Reports
Total Reports: 20
Critical: 4
High: 1
Medium: 8
Low: 6

Unauthenticated Varnish Cache Purge
Reported by: 0xhuntress | Disclosed:
Severity: Low
Weakness: Misconfiguration

HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI
Reported by: dreamer_eh | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - DOM

DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI
Reported by: dreamer_eh | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM

Reflected Cross site scripting via Swagger UI
Reported by: webcipher101 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation
Reported by: shirshak | Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption

AEM forms XXE Vulnerability
Reported by: ismailmuh | Disclosed:
Severity: Critical
Weakness: XML External Entities (XXE)

Parameter tampering can result in product price manipulation
Reported by: khalidamin | Disclosed:
Severity: High

Disclosure of git metadata and springboot actuator information
Reported by: jf0x0r | Disclosed:
Severity: Low
Weakness: Information Disclosure

Registration Information Leakage
Reported by: titanrain | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic

API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone
Reported by: aneeeketh | Disclosed:
Severity: Low
Weakness: Cleartext Storage of Sensitive Information

Able to bypass the fix on DOM XSS at [www.adobe.com]
Reported by: saajanbhujel | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM

Log4j Java RCE in [beta.dev.adobeconnect.com]
Reported by: sheikhrishad0 | Disclosed:
Severity: Critical
Weakness: Code Injection

Disclosure of github access token in config file via nginx off-by-slash
Reported by: letm3through | Disclosed:
Severity: Critical
Weakness: Path Traversal

Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com
Reported by: renzi | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected

Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection.adobe.com
Reported by: renzi | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected

HTML INJECTION on https://adobedocs.github.io/JourneyAPI/ due to outdated SWAGGER UI
Reported by: dreamer_eh | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM

DOM XSS at `https://adobedocs.github.io/indesign-api-docs/?configUrl={site}` due to outdated Swagger UI
Reported by: dreamer_eh | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM

Main Domain Takeover at https://www.marketo.net/
Reported by: gdattacker | Disclosed:
Severity: Critical
Weakness: Privilege Escalation

DOM XSS on www.adobe.com
Reported by: saajanbhujel | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM