Gratipay - HackerOne Reports
88 Total Reports: 0 Critical, 5 High, 14 Medium, 13 Low
Limit email address length
Reported by: jaypatel | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

Saying goodbye to HackerOne and Gratipay.
Reported by: edoverflow | Disclosed:

URL Given leading to end users ending up in malicious sites
Reported by: ant_pyne | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

SPF Protection not used, I can hijack your email server
Reported by: lovepakistan | Disclosed: | Weakness: Cryptographic Issues - Generic
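The report title above is about a domain publishing no SPF record. As an added example, not the report's content and not Gratipay's actual DNS, the following Python evaluates a constructed SPF record against a sending IP the way a receiving mail server does. It handles ip4/ip6 mechanisms and the terminal all mechanism; include, a, mx, exists and redirect need DNS lookups and are skipped here. The record text and the addresses (RFC 5737/3849 documentation ranges) are made up for the example.

```python
import ipaddress
from typing import Optional

# SPF qualifier -> result, per RFC 7208 section 4.6.2
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Mechanisms that require DNS resolution; this offline example does not expand them.
DNS_MECHANISMS = ("include", "a", "mx", "exists", "ptr")


def evaluate_spf(record: Optional[str], sender_ip: str) -> str:
    """Evaluate a (simplified) SPF TXT record against the connecting IP.

    record    - the TXT record for the envelope-sender domain, or None if the
                domain publishes none (the situation the report title describes)
    sender_ip - IPv4 or IPv6 address of the SMTP client

    Returns one of: none, pass, fail, softfail, neutral, permerror.
    With result 'none' a receiver has no basis to reject a forged sender,
    which is why a missing record lets anyone send mail as the domain.
    """
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"

    for term in terms[1:]:
        qualifier = "+"                      # implicit qualifier is '+'
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()

        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)   # bare IP => /32 or /128
            except ValueError:
                return "permerror"           # malformed mechanism argument
            if ip in net:                    # version mismatch simply does not match
                return QUALIFIER_RESULT[qualifier]
        elif mech == "all":
            return QUALIFIER_RESULT[qualifier]   # 'all' always matches; ends evaluation
        elif mech in DNS_MECHANISMS or term.lower().startswith("redirect="):
            continue                         # would need DNS; skipped in this example

    return "neutral"                         # nothing matched and no 'all' present


def spoofed_mail_accepted(record: Optional[str], attacker_ip: str) -> bool:
    """Would a typical receiver accept mail from attacker_ip claiming this domain?
    Only a hard 'fail' is a clear reject signal; none/neutral/softfail are not."""
    return evaluate_spf(record, attacker_ip) != "fail"
```

Two caveats a practitioner would add to the report's wording: SPF is evaluated on the envelope sender (MAIL FROM) or HELO name, not on the From header the user sees, so SPF alone does not stop display-name or header-From forgery; that needs DMARC with alignment. And a record ending in ~all (softfail) rarely causes rejection on its own, so -all is what actually closes the door the report describes.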
Possible User Session Hijack using Invalid HTTPS certificate on inside.gratipay.com domain
Reported by: mr_unknown | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

don't leak Server version for assets.gratipay.com
Reported by: ahsan | Disclosed: | Weakness: Information Disclosure

Lack of CSRF token validation at server side
Reported by: yodha | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)

Insecure Transportation Security Protocol Supported (TLS 1.0)
Reported by: yodha | Disclosed: | Weakness: Violation of Secure Design Principles

Username can be used to trick the victim on the name of www.gratipay.com
Reported by: akash_9021 | Disclosed: | Weakness: Violation of Secure Design Principles

Username Restriction is not applied for reserved folders
Reported by: akash_9021 | Disclosed: | Weakness: Violation of Secure Design Principles

Login csrf.
Reported by: diffender23 | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)
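Two of the entries above are CSRF findings: a token that is not validated server-side, and login CSRF. As an added example, not code from the reports or from Gratipay, the following Python shows a synchronizer token bound to the session id with an HMAC, a verifier that runs before any state-changing handler, and why the login form needs the same gate. The secret, session ids and form contents are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Hypothetical application secret. A real deployment loads it from configuration;
# generating it at import time is only so this example runs stand-alone.
SECRET_KEY = secrets.token_bytes(32)
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def issue_csrf_token(session_id: str) -> str:
    """Mint a token for one session: nonce '.' HMAC-SHA256(secret, session_id ':' nonce).

    Binding to the session id is what defeats login CSRF: a token the attacker
    obtained in their own pre-authentication session verifies only against that
    session, so it is useless inside a form submitted from the victim's browser.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time.
    Never 'validate' by merely checking that the field is present: that is the
    'lack of validation at server side' the first report title describes."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # compare as bytes so a non-ASCII attacker-supplied string cannot raise TypeError
    return hmac.compare_digest(mac.encode(), expected.encode())


def gate_request(session_id: str, method: str, form: dict) -> int:
    """Server-side check every state-changing handler runs first.
    Returns the HTTP status the handler would send (200 = continue, 403 = reject).

    The login form is state-changing too: a successful POST replaces the visitor's
    session with an authenticated one. If it is exempt, an attacker can log the
    victim into the attacker's account, and whatever the victim then enters
    (payment details, uploads) lands somewhere the attacker can read it.
    """
    if method.upper() in SAFE_METHODS:
        return 200
    token = form.get("csrf_token")
    if not token or not verify_csrf_token(session_id, token):
        return 403
    return 200


def demo_login_csrf() -> tuple:
    """Constructed scenario: the attacker mints a token in their own session and
    embeds it in a cross-site auto-submitting login form. The victim's browser
    submits it with the victim's own session cookie.
    Returns (status seen by victim's session, status in attacker's own session)."""
    attacker_token = issue_csrf_token("sess-attacker")
    login_form = {"csrf_token": attacker_token, "username": "attacker", "password": "attacker-pw"}
    victim_status = gate_request("sess-victim", "POST", login_form)
    attacker_status = gate_request("sess-attacker", "POST", login_form)
    return victim_status, attacker_status


def demo_tampered_token() -> bool:
    """Flip the last hex digit of a valid token's MAC; verification must fail."""
    token = issue_csrf_token("sess-victim")
    last = "0" if token[-1] != "0" else "1"
    return verify_csrf_token("sess-victim", token[:-1] + last)
```

For the login form this only works if a session (and therefore a token) exists before the form is served, so the application must set a pre-authentication session cookie on the login page and rotate the session id on successful login. Setting SameSite=Lax or Strict on the session cookie and checking the Origin header are worthwhile additional layers, but neither replaces the server-side token check.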
Gratipay Website CSP "script-src" includes "unsafe-inline"
Reported by: smziaurrashid | Disclosed: | Severity: Low | Weakness: HTTP Request Smuggling

CSP "script-src" includes "unsafe-inline" in https://gratipay.com
Reported by: d4rk_g1rl | Disclosed: | Weakness: Violation of Secure Design Principles
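The two entries above report the same policy weakness. As an added example, not code from either report and not Gratipay's actual header, the following Python parses a Content-Security-Policy value and decides whether an injected inline script would run under it. It encodes the check a practitioner actually needs: 'unsafe-inline' in script-src (or in default-src when script-src is absent) is only dangerous when no nonce- or hash-source accompanies it, because CSP Level 2 and later browsers ignore 'unsafe-inline' once a nonce or hash is present. The header strings in the test are constructed.

```python
from typing import Dict, List, Optional

# A nonce or hash source in the same directive makes browsers ignore 'unsafe-inline'.
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [source tokens]}.

    Directives are separated by ';', tokens by ASCII whitespace. Directive names
    are case-insensitive; the first occurrence of a name wins because browsers
    ignore a repeated directive within one policy.
    """
    policy: Dict[str, List[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def script_sources(policy: Dict[str, List[str]]) -> Optional[List[str]]:
    """Inline <script> is governed by script-src; if absent, default-src applies;
    if neither is present, nothing restricts script execution at all."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def allows_arbitrary_inline_script(header: str) -> bool:
    """True if an injected inline <script> would execute under this policy.

    'unsafe-inline' without a nonce or hash means the policy gives no protection
    against reflected or stored XSS. 'unsafe-inline' alongside a nonce or hash is
    the standard backwards-compatibility pattern: CSP1-only browsers honour the
    keyword, CSP2+ browsers ignore it and enforce the nonce/hash.
    """
    sources = script_sources(parse_csp(header))
    if sources is None:
        return True
    lowered = [s.lower() for s in sources]
    if "'unsafe-inline'" not in lowered:
        return False
    return not any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered)


def audit_csp(header: str) -> List[str]:
    """Human-readable findings for the script-related part of a policy,
    in the form a scanner or a bug report would list them."""
    findings: List[str] = []
    policy = parse_csp(header)
    sources = script_sources(policy)
    if sources is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
        return findings
    directive = "script-src" if "script-src" in policy else "default-src"
    if allows_arbitrary_inline_script(header):
        findings.append(f"{directive} allows 'unsafe-inline' without a nonce or hash")
    if "'unsafe-eval'" in [s.lower() for s in sources]:
        findings.append(f"{directive} allows eval() via 'unsafe-eval'")
    return findings
```

The fix the reports ask for is to drop 'unsafe-inline' and move every inline script to a nonce or hash source (or an external file allowed by 'self'); keeping 'unsafe-inline' next to the nonce is acceptable only as the CSP1 fallback described above.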
Application-level DoS on image's "size" parameter.
Reported by: edoverflow | Disclosed: | Severity: High | Weakness: Uncontrolled Resource Consumption

set Expires header
Reported by: hassanjawaid | Disclosed: | Weakness: Improper Authentication - Generic

set Pragma header
Reported by: hassanjawaid | Disclosed: | Weakness: Improper Authentication - Generic

Adding Used Primary Email Address to attacker account and Account takeover
Reported by: sandeepl337 | Disclosed: | Weakness: Business Logic Errors

HTTP trace method is enabled on gip.rocks
Reported by: a0xnirudh | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

Content length restriction bypass can lead to DoS by reading large files on gip.rocks
Reported by: a0xnirudh | Disclosed: | Severity: High | Weakness: Uncontrolled Resource Consumption
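The two Uncontrolled Resource Consumption entries in this block, the image "size" parameter DoS and the content-length restriction bypass, share one root cause: a limit enforced on what the client claims rather than on what the server actually does. The titles do not say how the bypass worked, so the following added Python (not code from the reports or from Gratipay/gip.rocks) assumes the common pattern of checking the Content-Length header and then reading the stream in full, and shows it beside a bounded read; it also shows strict bounds for a user-supplied WIDTHxHEIGHT parameter. The limits and the request bodies are constructed for the example.

```python
import io
from typing import Optional, Tuple

# Hypothetical limits; real values depend on the deployment.
MAX_BODY_BYTES = 1024 * 1024      # 1 MiB request body
MAX_IMAGE_SIDE = 4096             # pixels per side
MAX_IMAGE_PIXELS = 4_000_000      # total pixel budget for one resize (about 2000x2000)


def read_body_trusting_header(stream, declared_length: Optional[int]) -> Tuple[str, bytes]:
    """Vulnerable pattern: the size check looks only at the Content-Length value the
    client sent, then reads the whole stream. A body whose real length differs from
    the header (or a chunked body with no Content-Length at all) passes the check
    and is buffered in full, which is the resource-exhaustion the report describes."""
    if declared_length is not None and declared_length > MAX_BODY_BYTES:
        return "too_large", b""
    return "ok", stream.read()


def read_body_bounded(stream, declared_length: Optional[int]) -> Tuple[str, bytes]:
    """Hardened: the cap is enforced on bytes actually read, never on the header alone.
    Reading MAX_BODY_BYTES + 1 is enough to know the limit was exceeded without
    buffering the rest of an oversized body."""
    if declared_length is not None and declared_length > MAX_BODY_BYTES:
        return "too_large", b""                  # cheap early reject, not the real guard
    data = stream.read(MAX_BODY_BYTES + 1)
    if len(data) > MAX_BODY_BYTES:
        return "too_large", b""
    if declared_length is not None and len(data) != declared_length:
        return "bad_request", b""                # header and body disagree; do not guess
    return "ok", data


def parse_image_size(size_param: str) -> Tuple[str, Optional[Tuple[int, int]]]:
    """Validate a user-controlled 'size' of the form WIDTHxHEIGHT before it reaches
    an image resizer. Both a per-side and a total-pixel limit are needed: 4096x4096
    satisfies the side limit but is 16.7M pixels, i.e. 64 MiB of RGBA per request."""
    try:
        w_str, h_str = size_param.lower().split("x", 1)
        width, height = int(w_str), int(h_str)
    except ValueError:
        return "bad_request", None
    if width <= 0 or height <= 0:
        return "bad_request", None
    if width > MAX_IMAGE_SIDE or height > MAX_IMAGE_SIDE or width * height > MAX_IMAGE_PIXELS:
        return "too_large", None
    return "ok", (width, height)


def demo_body_mismatch() -> Tuple[str, str, int]:
    """Constructed request: Content-Length claims 10 bytes but the stream carries
    MAX_BODY_BYTES + 10. Returns (trusting result, bounded result, bytes the
    trusting reader buffered)."""
    oversized = b"A" * (MAX_BODY_BYTES + 10)
    trusting_status, data = read_body_trusting_header(io.BytesIO(oversized), 10)
    bounded_status, _ = read_body_bounded(io.BytesIO(oversized), 10)
    return trusting_status, bounded_status, len(data)


def demo_small_body() -> Tuple[str, bytes]:
    """A well-formed 5-byte body with a matching Content-Length passes the bounded reader."""
    return read_body_bounded(io.BytesIO(b"hello"), 5)
```

The same principle applies one layer down: if a resize library is asked to decode the uploaded file, set its own decompression or pixel limits too, since a small, valid-looking file can expand to a huge bitmap regardless of the request size.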
self cross site scripting
Reported by: tanvi07 | Disclosed: | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)
Page 1 of 5