Lab45 - HackerOne Reports
Total Reports: 23
Critical: 1
High: 5
Medium: 15
Low: 2
Reflected-XSS on https://www.topcoder.com/tc via pt parameter
Reported by: laz0rde | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
SVG file upload leads to XML injection
Reported by: tushr | Disclosed:
Severity: Low
Weakness: XML Injection
Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII
Reported by: mase289 | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com
Reported by: n0x496n | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
CVEs: CVE-2018-5230
IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data
Reported by: cankat | Disclosed:
Severity: Medium
Weakness: Information Disclosure
PII of Users Disclosure using "/members/invite/" endpoint
Reported by: bonikia97 | Disclosed:
Severity: High
Weakness: Information Disclosure
CSRF on https://apps.topcoder.com/wiki/users/editmyprofilepicture.action
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
CSRF on https://apps.topcoder.com/wiki/users general and email preferences
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
CSRF on https://apps.topcoder.com/wiki/users/editmyprofile.action
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Stored-Xss at connect.topcoder.com/projects/ affected on project chat members
Reported by: sodium_ | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Post Based Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Stored XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Reported by: meryem0x | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Reflected XSS on error page on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS on https://apps.topcoder.com/wiki/page/
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS on https://apps.topcoder.com/wiki/
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
CSRF on https://apps.topcoder.com/wiki/pages/doattachfile.action
Reported by: meryem0x | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Stored XSS on https://apps.topcoder.com/wiki/pages/editpage.action
Reported by: meryem0x | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Reflected XSS in https://www.topcoder.com/blog/category/community-stories/
Reported by: c0mbo | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected