GSA Bounty - HackerOne Reports
Total Reports: 49 | Critical: 3 | High: 9 | Medium: 19 | Low: 11
[idp.fr.cloud.gov] Open Redirect
Reported by: bobrov | Disclosed: | Severity: Low | Weakness: Open Redirect | Bounty: $150.00
Homograph attack
Reported by: hackaccinocraft | Disclosed: | Weakness: Violation of Secure Design Principles
Redirect on authorization allows account compromise
Reported by: cablej_dds | Disclosed: | Severity: Critical | Weakness: Improper Authentication - Generic
Stealing Users' OAuth Tokens through redirect_uri parameter
Reported by: manshum12 | Disclosed: | Severity: High | Weakness: Open Redirect | Bounty: $750.00
Nginx misconfiguration leading to direct PHP source code download
Reported by: tolo7010 | Disclosed: | Severity: High | Weakness: Information Disclosure
Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov
Reported by: sp1d3rs | Disclosed: | Severity: Low | Weakness: Information Disclosure | Bounty: $150.00
Subdomain Takeover due to unclaimed domain pointing to AWS
Reported by: zephrfish | Disclosed: | Severity: Low | Weakness: Off-by-one Error | Bounty: $150.00
SSRF/XSPA in labs.data.gov/dashboard/validate
Reported by: haxta4ok00 | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF) | Bounty: $300.00
The Federalist session cookie (federalist.sid) is not properly invalidated - backdoor access to the account is possible
Reported by: sp1d3rs | Disclosed: | Severity: Low | Weakness: Insufficient Session Expiration | Bounty: $150.00
Link poisoning on https://secure.login.gov/ login page
Reported by: albinowax | Disclosed: | Severity: Low | Weakness: Open Redirect | Bounty: $150.00
Open redirect in eb9f.pivcac.prod.login.gov
Reported by: timwhite | Disclosed: | Severity: Low | Weakness: Open Redirect | Bounty: $150.00
Subdomain Takeover
Reported by: nevertoolate | Disclosed: | Severity: High | Weakness: Privilege Escalation
Denial of service via cache poisoning on https://www.data.gov/
Reported by: kq8dq | Disclosed: | Severity: High
WordPress Users Disclosure (/wp-json/wp/v2/users/) on data.gov
Reported by: nagli | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Multiple bugs in the api.data.gov/signup endpoint allow sending custom messages to anyone
Reported by: pressihackerone | Disclosed: | Severity: Medium
HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute
Reported by: sp1d3rs | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected | Bounty: $900.00
Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint
Reported by: mariuszpoplawski | Disclosed: | Severity: Medium | Weakness: Use of Inherently Dangerous Function | Bounty: $300.00
Limited LFI
Reported by: mariuszpoplawski | Disclosed: | Severity: Medium | Weakness: Remote File Inclusion | Bounty: $300.00
CI for [example.gov] can be logged into and is accessible
Reported by: kunal94 | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic | Bounty: $2000.00
Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host
Reported by: sp1d3rs | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF) | Bounty: $300.00