Chaturbate - HackerOne Reports

Total Reports: 52
Critical: 1
High: 4
Medium: 14
Low: 28
Homograph attack on redirect URL (https://chaturbate.com/external_link/?url)
Reported by: hackaccinocraft | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

Add non-existent room moderator
Reported by: popeax | Disclosed: | Severity: Low | Weakness: Improper Input Validation

Rate limit missing at room login
Reported by: lucky_sen | Disclosed: | Severity: Medium | Weakness: Improper Restriction of Authentication Attempts | Bounty: $500.00

Homograph attack on redirect URL
Reported by: sam75434 | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

Update Chat Allowed By Option (without age verification)
Reported by: yuvraj_dighe | Disclosed: | Severity: Low | Weakness: Business Logic Errors

No rate limiting in changing room subject.
Reported by: cunn | Disclosed: | Severity: Low

No rate limiting in starting up a bot.
Reported by: cunn | Disclosed: | Severity: Low

Unrestricted POST request size on roomlogin endpoint
Reported by: lucach | Disclosed: | Severity: Low | Weakness: Uncontrolled Resource Consumption | Bounty: $200.00

Unrestricted POST request size on /customer_support/information_form/ endpoint
Reported by: testingforbugs | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles

Stored XSS in chat topic due to insecure emoticon parsing on any message type
Reported by: avlidienbrunn | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $450.00

Chaturbate "/chat_ignore_list/" endpoint does not check for Account status: Disabled before adding Ignore via POST
Reported by: nismo | Disclosed: | Severity: Low | Weakness: Business Logic Errors

Missing CSRF Protection in /stats EndPoint.
Reported by: kaustubh | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)

Stats Token doesn't expire after deactivating account
Reported by: encrypt | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic | Bounty: $250.00

Account Takeover via billing
Reported by: jolteon | Disclosed: | Severity: Critical | Weakness: Improper Authorization

Passive stored XSS at broadcast room
Reported by: skavans | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored

Bypass subdomain limits using race condition
Reported by: encrypt | Disclosed: | Severity: Low | Weakness: Time-of-check Time-of-use (TOCTOU) Race Condition | Bounty: $100.00

The auto login link does not expire on changing email id
Reported by: whitehattushu | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic

View Failed Approval and Pending videos of other users
Reported by: tismayil | Disclosed: | Severity: Low | Bounty: $200.00

Password protected rooms total number of viewers disclosure to unauthorized members
Reported by: batee5a | Disclosed: | Severity: Low | Weakness: Information Disclosure

Missing Rate Limitation at /photo_videos/photoset/create
Reported by: m00hdi | Disclosed: | Severity: Low | Weakness: Business Logic Errors
Page 1 of 3