Gratipay - HackerOne Reports

Total Reports: 88
Critical: 0
High: 5
Medium: 14
Low: 13
Host Header poisoning on gratipay.com
  Reported by: aaron_costello | Disclosed: | Weakness: Violation of Secure Design Principles

upgrade Aspen on inside.gratipay.com to pick up CR injection fix
  Reported by: valievkarim | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $40.00

Bypassing X-frame options
  Reported by: haxorgirl | Disclosed: | Weakness: UI Redressing (Clickjacking)

Broken link for stale DNS entry may be leveraged for Phishing, Misinformation, Serving Malware
  Reported by: mehmil | Disclosed:

Sub Domain Takeover
  Reported by: b3nac | Disclosed:

Markdown parsing issue enables insertion of malicious tags
  Reported by: ru94mb | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic

Avoid "resend verification email" confusion
  Reported by: s_p_q_r | Disclosed: | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF) | Bounty: $1.00

Submit a non valid syntax email
  Reported by: drstache | Disclosed: | Weakness: Violation of Secure Design Principles

PHP 5.4.45 is Outdated and Full of Performance Interrupting Arbitrary Code Execution Bugs
  Reported by: sondash128 | Disclosed: | Weakness: Violation of Secure Design Principles

bring grtp.co up to A grade on SSLLabs
  Reported by: mmyamin | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles | Bounty: $1.00

change bank account numbers
  Reported by: whit537 | Disclosed: | Severity: Medium | Weakness: Information Disclosure

XSS Via Method injection
  Reported by: exception | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic

Show hide privacy giving receiving on my website
  Reported by: test99767 | Disclosed: | Weakness: Privacy Violation

Gratipay rails secret token (secret_key_base) publicly exposed in GitHub
  Reported by: sp4rrow | Disclosed: | Severity: Medium | Weakness: Cleartext Storage of Sensitive Information

Reflected XSS - gratipay.com
  Reported by: tungpun | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Harden resend throttling
  Reported by: whit537 | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

X-Content-Type Header Missing For aspen.io
  Reported by: bugdiscloseguys | Disclosed: | Weakness: Violation of Secure Design Principles

auto-logout after 20 minutes
  Reported by: trabajoduro | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

limit number of images in statement
  Reported by: hogarth45 | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles | Bounty: $1.00

protect against tabnabbing in statement
  Reported by: atom | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic