Autodesk - HackerOne Reports
Total Reports: 14
Critical: 2
High: 3
Medium: 7
Low: 2
Stored XSS in AREA tutorials
Reported by: who_am_i_ | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Django Debug Mode Enabled - Information Disclosure on api.wwm-dev.autodesk.com
Reported by: khoof | Disclosed:
Severity: Medium
Weakness: Information Exposure Through Debug Information
Insecure Direct Object Reference (IDOR) Vulnerability in Autodesk User Profile
Reported by: eyax0 | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
WordPress users Disclosure
Reported by: karimtantawy | Disclosed:
Severity: Critical
Weakness: Information Disclosure
IDOR Vulnerability Allowing Unauthorized Profile Picture Change
Reported by: tasin_zucced___ | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
CVE-2023-5561 on Payapps.com
Reported by: khoof | Disclosed:
Severity: Medium
Weakness: Information Disclosure
HTML Injection in Business Name Parameter in Payapps
Reported by: 0xsom3a | Disclosed:
Severity: Medium
Weakness: Code Injection
Insecure Direct Object Reference (IDOR) in GraphQL deleteProfileImages Mutation
Reported by: alphahacks | Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
Twitter broken link hijacking in thewild.com
Reported by: yunxohang | Disclosed:
Severity: Low
Reflected XSS Vulnerability in SVG File at area-resources-stg.autodesk.com
Reported by: ahmednasr1 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
SSRF in Autodesk Rendering leading to account takeover
Reported by: metereorpreter | Disclosed:
Severity: Critical
Weakness: Server-Side Request Forgery (SSRF)
Stored XSS via Post Title Enabling Non-Privileged User to Privileged User Exploitation on https://forums.autodesk.com/
Reported by: the-white-evil | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Stored Cross-Site Scripting found in custom integration app on https://admin.b360.autodesk.com.
Reported by: the-white-evil | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Exposing debug.log file leads to server full path disclosure
Reported by: kanon4 | Disclosed:
Severity: Low
Weakness: Information Disclosure