Gratipay - HackerOne Reports

Total reports: 88 (Critical: 0, High: 5, Medium: 14, Low: 13)

Disclosed reports:
Inadequate/dangerous jQuery behavior
  Reported by: mhashim29 | Severity: Low | Weakness: Violation of Secure Design Principles

Send email asynchronously
  Reported by: hharry | Severity: Medium | Weakness: Uncontrolled Resource Consumption | Bounty: $10.00

prevent %2f spoofed URLs in profile statement
  Reported by: 007divyachawla | Weakness: Open Redirect

fix bug in username restriction
  Reported by: a5tronaut | Severity: Medium | Weakness: Violation of Secure Design Principles

Information Disclosure on inside.gratipay.com
  Reported by: malek | Weakness: Information Disclosure

clickjacking on https://gratipay.com/on/npm/[text]
  Reported by: nihaddl | Weakness: UI Redressing (Clickjacking)

Gratipay uses the random module's cryptographically insecure PRNG.
  Reported by: edoverflow | Weakness: Cryptographic Issues - Generic

Cookie HttpOnly Flag Not Set
  Reported by: lulliii

Content type incorrectly stated
  Reported by: lulliii

XSS found In Your Web
  Reported by: arslan1337 | Weakness: Cross-site Scripting (XSS) - Generic

[gratipay.com] Cross Site Tracing
  Reported by: ahsan | Weakness: Information Disclosure

Unauthorized access to the slack channel via inside.gratipay.com/appendices/chat
  Reported by: 7h0r4pp4n | Weakness: Improper Authentication - Generic

POODLE SSLv3.0
  Reported by: wazehell

Transferring incorrect data to the http://gip.rocks/v1 endpoint with correct Content-Type leads to local paths disclosure through the error message
  Reported by: sp1d3rs | Severity: Low | Weakness: Information Exposure Through an Error Message

Cross Site Scripting In Profile Statement
  Reported by: muhaddix | Weakness: Cross-site Scripting (XSS) - Generic

x-xss protection header is not set in response header
  Reported by: karthic | Weakness: Violation of Secure Design Principles

Email Spoofing
  Reported by: tangina | Weakness: Violation of Secure Design Principles

User Enumeration
  Reported by: aa23 | Weakness: Improper Authentication - Generic

Possible Blind SQL injection | Language choice in presentation
  Reported by: drstache | Weakness: Violation of Secure Design Principles

self cross site scripting
  Reported by: tanvi07 | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)