Judge.me - HackerOne Reports
Total Reports: 18
Critical: 0
High: 3
Medium: 8
Low: 1
stored XSS on AliExpress Review Importer/Products when delete product
Reported by: glister
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $500.00
Improper Access Control in Ali Express Importer
Reported by: penguinshelp
Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
IDOR: leak buyer info & Publish/Hide foreign comments
Reported by: glister
Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $1250.00
Email templates XSS by filterXSS bypass
Reported by: caue
Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $1250.00
Stored XSS in "product type" field executed via product filters
Reported by: glister
Disclosed:
Severity: Medium
Bounty: $500.00
HTML injection in review content
Reported by: 0xteles
Disclosed:
Weakness: Command Injection - Generic
Stored XSS in Question edit from product name
Reported by: glister
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $500.00
XSS in Widget Review Form Preview in settings
Reported by: penguinshelp
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Race condition on https://judge.me/people
Reported by: netboom
Disclosed:
Severity: Low
Weakness: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Bounty: $250.00
Blind XSS via Feedback form.
Reported by: b3hlull
Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Log4j RCE on https://judge.me/reviews
Reported by: bhishma14
Disclosed:
Weakness: Code Injection
Bounty: $50.00
CVEs: CVE-2021-44228
The response shows the nginx version
Reported by: cametome006
Disclosed:
Weakness: Information Exposure Through Sent Data
Self-XSS due to image URL can be exploited via XSSJacking techniques in review email
Reported by: penguinshelp
Disclosed:
Severity: Medium
Stored XSS in Public Profile Reviews
Reported by: vj1naruto
Disclosed:
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $250.00
Stored XSS in Question edit for product name (bypass #1416672)
Reported by: glister
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $500.00
Error Page Content Spoofing or Text Injection
Reported by: tefa_
Disclosed:
Weakness: Business Logic Errors
HTML INJECTION (STORED)
Reported by: criptex
Disclosed:
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Stored XSS in Email Templates via link
Reported by: rioncool22
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $500.00