DuckDuckGo - HackerOne Reports
View on HackerOne14
Total Reports
2
Critical
7
High
5
Medium
0
Low
DOM XSS on 50x.html page on proxy.duckduckgo.com
Reported by:
smither
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - DOM
DOM XSS on duckduckgo.com search
Reported by:
sijisu
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
XXE on https://duckduckgo.com
Reported by:
mik317
|
Disclosed:
Critical
Weakness: XML External Entities (XXE)
SSRF on duckduckgo.com/iu/
Reported by:
d0nut
|
Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
DOM XSS on duckduckgo.com search
Reported by:
cujanovic
|
Disclosed:
High
com.duckduckgo.mobile.android - Cache corruption
Reported by:
webklex
|
Disclosed:
Medium
Weakness: Business Logic Errors
DOM XSS on 50x.html page
Reported by:
cujanovic
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - DOM
Reflected/Stored XSS on duckduckgo.com
Reported by:
monke
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Reflected
SSRF in proxy.duckduckgo.com via the image_host parameter
Reported by:
fpatrik
|
Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS)
Reported by:
cujanovic
|
Disclosed:
Critical
XSS in Subdomain of DuckDuckGo
Reported by:
mr_r3boot
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
XSS on Videos IA
Reported by:
benzetaa
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
DOM XSS on duckduckgo.com search
Reported by:
cujanovic
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Partial bypass of #483774 with Blind XXE on https://duckduckgo.com
Reported by:
mik317
|
Disclosed:
High
Weakness: XML External Entities (XXE)