Logitech - HackerOne Reports
Total Reports: 15
Critical: 0
High: 1
Medium: 9
Low: 5
One Click Account takeover using OAuth CSRF bypass by adding Null byte %00 in state parameter on www.streamlabs.com
Reported by: surajbhosale | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $200.00
session takeover via open protocol redirection on streamlabs.com
Reported by: f_m | Disclosed:
Severity: Medium
Weakness: Open Redirect
Bounty: $200.00
Steal any users `access_token` via open redirect in https://streamlabs.com/global/identity?popup=1&r=
Reported by: sudi | Disclosed:
Severity: Medium
Stored XSS in [https://streamlabs.com/dashboard#/*goal] pages
Reported by: sudi | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Stored
CSRF in changing users donation_settings [https://streamlabs.com/api/v6/viewer-portal/viewer-settings/donation_settings]
Reported by: sudi | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
SSRF allows reading AWS EC2 metadata using "readapi" variable in Streamlabs Cloudbot
Reported by: nrockhouse | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $200.00
GET based Open redirect on [streamlabs.com/content-hub/streamlabs-obs/search?query=]
Reported by: raywando | Disclosed:
Severity: Low
Weakness: Open Redirect
Bounty: $100.00
Privilege Escalation Leads to Control The Owner Access Token Which leads to control the stream [streamlabs.com]
Reported by: mrmax4o4 | Disclosed:
Severity: Low
Weakness: Privilege Escalation
Host Header injection in oslo.io (using X-Forwarded-For header) leading to email spoofing
Reported by: hammodmt | Disclosed:
Severity: High
Weakness: Business Logic Errors
IDOR when creating App on [platform.streamlabs.com/api/v1/store/whitelist] with user_id field
Reported by: bugra | Disclosed:
Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)
Sensitive information disclosure to shared access user via streamlabs platform api
Reported by: pspspsp | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $200.00
Moderator user has access to owner's support portal and tickets
Reported by: pspspsp | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $200.00
Manipulating response leads to free access to Streamlabs Prime
Reported by: sudi | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Stored XSS on oslo.io in notifications via project name change
Reported by: optional | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
clickjacking on deleting user's clips [https://crossclip.com/clips]
Reported by: ibrahimatix0x01 | Disclosed:
Severity: Low
Weakness: UI Redressing (Clickjacking)