Mars - HackerOne Reports
Total Reports: 57
Critical: 10
High: 9
Medium: 27
Low: 10
Response Manipulation lead to bypass verification code while making appointment at `█████████`
Reported by:
mo3giza
|
Disclosed:
Medium
Weakness: Business Logic Errors
No CSRF protection when adding an item to cart
Reported by:
themarkib0x0
|
Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
Stored XSS + CSRF in "apellido" value
Reported by:
never_die
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Reflected HTML Injection via contact (faq) search parameter on ██████████
Reported by:
the-white-evil
|
Disclosed:
Medium
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
IDOR in one subdomain of █████████ -> change information of pets without authorization!
Reported by:
haoshokunoo
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
RXSS on ████ via q parameter
Reported by:
mo_salah12
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
[XSS] Reflected XSS via POST request in (███████)
Reported by:
morphykutay
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
█████████ when adding branches to your account
Reported by:
kh4rish34v3n
|
Disclosed:
Critical
Weakness: Insecure Direct Object Reference (IDOR)
Reflected HTML Injection via contact (faq) search parameter on ███]=
Reported by:
the-white-evil
|
Disclosed:
Medium
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
████ ' can add animal to other account ' at ██████
Reported by:
0xs4m
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
phpinfo() exposed on ██████████
Reported by:
thpless
|
Disclosed:
Weakness: Misconfiguration
debug.log File Exposure that exposes (user/████) username and password at █████████
Reported by:
skoll101
|
Disclosed:
High
Weakness: Cleartext Storage of Sensitive Information
Attacker can add two free bags offered by the site at the same time.
Reported by:
mkhmd17
|
Disclosed:
Medium
Weakness: Business Logic Errors
Reflected XSS on formaction parameter
Reported by:
e5p3ctr0x96
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Client Side Template Injection to Stored XSS in Image Collection
Reported by:
themarkib0x0
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Sqli on ██████ search functionality
Reported by:
b_i_n_i_a_m
|
Disclosed:
Medium
Weakness: SQL Injection
CVE-2022-21371: Oracle WebLogic Server Local File Inclusion
Reported by:
deb0con
|
Disclosed:
High
Information Exposure due to enabled debug mode
Reported by:
thpless
|
Disclosed:
Low
CSRF to delete a pet on ██████
Reported by:
dr34m14
|
Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
CRLF Injection at `██████████`
Reported by:
mo3giza
|
Disclosed:
Low
Weakness: CRLF Injection