Mapbox - HackerOne Reports
Total Reports: 15
Critical: 2
High: 1
Medium: 4
Low: 2
Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues
Reported by: fransrosen | Disclosed:
Severity: Critical
Weakness: Command Injection - Generic
null pointer dereference and segfault in tile-count-merge
Reported by: geeknik | Disclosed:
Severity: High
Weakness: NULL Pointer Dereference
Public access to objects in AWS S3 bucket
Reported by: ehsahil | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $750.00
target="_blank" Vulnerability Resulting in Critical Phishing Vector
Reported by: cha5m | Disclosed:
Weakness: Open Redirect
Reflected XSS via XML Namespace URI on https://go.mapbox.com/index.php/soap/
Reported by: h4ck3d | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Admin Panel Accessed (OAuth Bypassed)
Reported by: anees_khan | Disclosed:
Severity: Critical
Weakness: Command Injection - Generic
Bounty: $4000.00
Mapbox Android SDK uses Broadcast Receiver instead of Local Broadcast Manager
Reported by: mishre | Disclosed:
Severity: Low
Weakness: Information Disclosure
Bounty: $1000.00
Blind XSS in mapbox.com/contact
Reported by: ehsahil | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $750.00
XSS on www.mapbox.com/authorize/ because of open redirect at /core/oauth/auth
Reported by: stefanovettorazzi | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
XSS on www.mapbox.com/authorize
Reported by: stefanovettorazzi | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Logging a user into attacker's account using password reset link
Reported by: shahmeer-amir | Disclosed:
Weakness: Violation of Secure Design Principles
Bounty: $600.00
Stored xss in editor
Reported by: ehsahil | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $1000.00
Open Aws Amazon S3 Buckets
Reported by: saadahmedx | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
Bounty: $500.00
Stored XSS | api.mapbox.com | IE 11 | Styles name
Reported by: renekroka | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Node modules path disclosure due to lack of error handling
Reported by: apapedulimu | Disclosed:
Severity: Low
Weakness: Information Disclosure