Informatica - HackerOne Reports
View on HackerOne68
Total Reports
11
Critical
34
High
14
Medium
7
Low
[alpha.informatica.com] Expensive DOMXSS
Reported by:
albinowax
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
[uk.informatica.com] XSS on uk.informatica..com
Reported by:
grampae
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
RXSS in http://procurement-businesscatalog.informatica.com
Reported by:
min4tor
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Reflected
[kb.informatica.com] Dom Based xss
Reported by:
e3xpl0it
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
[https://life.informatica.com] - information disclose
Reported by:
modam3r5
|
Disclosed:
High
Weakness: Information Disclosure
F5 BIG-IP Cookie potentially reveal BigIP pool name, backend's IP address and port, routed domain.
Reported by:
reebak
|
Disclosed:
Low
Weakness: Information Disclosure
SSRF on infawiki.informatica.com and infawikitest.informatica.com
Reported by:
0ang3el
|
Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
Improper Sanitization leads to XSS Fire on admin panel
Reported by:
montypythin
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
[marketplace.informatica.com] - Sensitive Data Exposure
Reported by:
shogunlab
|
Disclosed:
Low
Weakness: Privacy Violation
[marketplace.informatica.com] Persistent XSS through document title
Reported by:
kasperkarlsson
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
[kb.informatica.com] DOM based XSS in the bindBreadCrumb function
Reported by:
s_p_q_r
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Generic
[marketplace.informatica.com] - Template Injection
Reported by:
samengmg
|
Disclosed:
Critical
Weakness: Code Injection
[product360.informatica.com] Unauthenticated Apache Tomcat 8 Installation
Reported by:
zephrfish
|
Disclosed:
Low
Weakness: Information Disclosure
[informatica.com] Blind SQL Injection
Reported by:
konqi
|
Disclosed:
Critical
Weakness: SQL Injection
[20.98.103.245] Cross-Site Scripting (XSS) via /ssl-vpn/getconfig.esp at GlobalProtect VPN Portal
Reported by:
xbow
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Reflected
EXIF metadata not stripped from profile image
Reported by:
growler09
|
Disclosed:
Medium
Weakness: Missing Encryption of Sensitive Data
[marketplace.informatica.com] - XXE
Reported by:
yarbabin
|
Disclosed:
High
Weakness: Command Injection - Generic
[rev-app.informatica.com] - XXE via SAML
Reported by:
yarbabin
|
Disclosed:
High
Weakness: Command Injection - Generic
[marketplace.informatica.com] - XXE
Reported by:
yarbabin
|
Disclosed:
High
Weakness: Command Injection - Generic