LinkedIn - HackerOne Reports
Total Reports: 45 | Critical: 3 | High: 8 | Medium: 24 | Low: 7
HTML injection at Company Name or Product Name and can be shown on Contact Sales form
Reported by: domg | Disclosed: | Severity: Low

CSRF that makes any linkedin user follow attacker controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/*
Reported by: marvelmaniac | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)

Unauthorized access to resumes stored on LinkedIn
Reported by: headhunter | Disclosed: | Severity: High | Weakness: Insecure Direct Object Reference (IDOR)

LinkedIn users primary email + full name visibility
Reported by: headhunter | Disclosed: | Severity: High | Weakness: Information Disclosure

[ Continuation Report from #1814842 ] Can create articles using other users' NewsLetters
Reported by: find_me_here | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)

Stored XSS on LinkedIn App via iframe tag in Article
Reported by: domg | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored

Can VIEW Videos on LinkedIn Learning that Require a Subscription Without having to Subscribe Via `SHARE features`
Reported by: find_me_here | Disclosed: | Severity: Medium | Weakness: Privilege Escalation

Employee-only Area Bypass
Reported by: mv0x01 | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Delete any LinkedIn comment on learning API of other users
Reported by: encodedguy | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Attacker can unpin posts from companies he's not part of.
Reported by: spaceboy20 | Disclosed: | Severity: Low

Can access the job name, creator name and can report any draft/under review/rejected job
Reported by: sachin_kr | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)

Privilege Escalation - "Analyst" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]
Reported by: naaash | Disclosed: | Severity: Medium | Weakness: Privilege Escalation

User Details Can Be Disclosed Even If The Account IS In Hibernation State
Reported by: tushar6378 | Disclosed: | Severity: Low | Weakness: Information Disclosure

Can see phone numbers of others by providing mail address
Reported by: sevada797 | Disclosed: | Severity: High | Weakness: Information Disclosure

CSRF that makes any user send invitations to the attacker by simply clicking on a link.
Reported by: marvelmaniac | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)

HTML injection in event Description
Reported by: khaledx | Disclosed: | Severity: Low | Weakness: Improper Input Validation

Access to resumes applied through LinkedIn Jobs
Reported by: headhunter | Disclosed: | Severity: Critical | Weakness: Information Disclosure

HTML Injection in LinkedIn Premium Support Chat
Reported by: nagu123 | Disclosed: | Severity: Low

HTTP Request Smuggling (CL.0) leads to mass redirect users to attacker server without user interaction
Reported by: vampirex | Disclosed: | Severity: High | Weakness: HTTP Request Smuggling

Page 1 of 3