Mavenlink - HackerOne Reports
Total Reports: 11 | Critical: 0 | High: 2 | Medium: 3 | Low: 4
Password reset link injection allows redirect to malicious URL
Reported by: cablej | Disclosed: | Severity: High
User-uploaded portfolio files can be accessed by any user even after being deleted
Reported by: tolo7010 | Disclosed: | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR)
Account members can re-add themselves after being deleted by an administrator
Reported by: tolo7010 | Disclosed: | Severity: Low | Weakness: Privilege Escalation
Cookies are not cleared from server side on logout
Reported by: rajauzairabdullah | Disclosed:
Tabnabbing via Window.Opener @Mavenlink
Reported by: chols | Disclosed: | Severity: Low | Weakness: Open Redirect
Uninitialized server memory disclosure via ImageMagick gif parser
Reported by: chaosbolt | Disclosed: | Severity: High | Weakness: Information Disclosure
User's email can be changed without verification
Reported by: tolo7010 | Disclosed: | Weakness: Business Logic Errors
[app.mavenlink.com] IDOR to view sensitive information
Reported by: dyoon | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)
CSRF: add user templates
Reported by: tolo7010 | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)
Information disclosure when trying to delete an expense's attachment on m.mavenlink.com
Reported by: aroly | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Participation of expired account holders in projects can cause financial loss to Mavenlink
Reported by: rashedhasan007 | Disclosed: | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR)