Informatica - HackerOne Reports
Total Reports: 68
Critical: 11
High: 34
Medium: 14
Low: 7
CVE-2021-40870 in [███]
Reported by:
fdeleite
|
Disclosed:
Critical
Weakness: Code Injection
CVEs:
CVE-2021-40870
XXE through injection of a payload in the XMP metadata of a JPEG file
Reported by:
moebius
|
Disclosed:
Critical
Weakness: XML External Entities (XXE)
[community.informatica.com] - CSRF in Private Messages allows to move user's messages to Trash
Reported by:
artem
|
Disclosed:
High
Weakness: Cross-Site Request Forgery (CSRF)
[alpha.informatica.com] Expensive DOMXSS
Reported by:
albinowax
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
[uk.informatica.com] XSS on uk.informatica..com
Reported by:
grampae
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
[kb.informatica.com] Dom Based xss
Reported by:
e3xpl0it
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
[informatica.com]- Cross Site scripting
Reported by:
rotembar
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
[https://life.informatica.com] - information disclose
Reported by:
modam3r5
|
Disclosed:
High
Weakness: Information Disclosure
[mysupport.informatica.com] - reflected XSS
Reported by:
mtk0308
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
[informatica.com]- Information Disclosure
Reported by:
rotembar
|
Disclosed:
Medium
Weakness: Information Disclosure
F5 BIG-IP Cookie potentially reveal BigIP pool name, backend's IP address and port, routed domain.
Reported by:
reebak
|
Disclosed:
Low
Weakness: Information Disclosure
SSRF on infawiki.informatica.com and infawikitest.informatica.com
Reported by:
0ang3el
|
Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
Improper Sanitization leads to XSS Fire on admin panel
Reported by:
montypythin
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
[marketplace.informatica.com] - Sensitive Data Exposure
Reported by:
shogunlab
|
Disclosed:
Low
Weakness: Privacy Violation
jira discloser information
Reported by:
isumitpatel
|
Disclosed:
Low
Weakness: Information Disclosure
[marketplace.informatica.com] Persistent XSS through document title
Reported by:
kasperkarlsson
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
[kb.informatica.com] DOM based XSS in the bindBreadCrumb function
Reported by:
s_p_q_r
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
[marketplace.informatica.com] - Template Injection
Reported by:
samengmg
|
Disclosed:
Critical
Weakness: Code Injection
[product360.informatica.com] Unauthenticated Apache Tomcat 8 Installation
Reported by:
zephrfish
|
Disclosed:
Low
Weakness: Information Disclosure