Moneybird - HackerOne Reports
Total Reports: 18 | Critical: 0 | High: 1 | Medium: 4 | Low: 7
Content Spoofing In Moneybird
Reported by: a5tronaut | Disclosed: | Weakness: Violation of Secure Design Principles

Moneybird customers invoices leak in cacheable urls
Reported by: bogdantcaciuc | Disclosed: | Severity: Low

Logging out any user
Reported by: japz | Disclosed: | Weakness: Violation of Secure Design Principles

IDOR in https://moneybird.com/user/accountant_company/edit (change company name)
Reported by: t3chnophil3 | Disclosed: | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR)

Stored XSS thru SVG upload
Reported by: 4lemon | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic

Webhook allows sending payload using insecure HTTP protocol
Reported by: mattweidner | Disclosed: | Weakness: Cryptographic Issues - Generic

Open Redirection while saving User account Settings
Reported by: 0xprial | Disclosed: | Severity: Medium | Weakness: Open Redirect

Access control issue on invoice documents downloading feature.
Reported by: basant0x01 | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic

Stored XSS at Moneybird
Reported by: hack_im | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Bypass password reset rate limit protection at moneybird.com/passwords
Reported by: osama-hamad | Disclosed: | Severity: High | Weakness: Uncontrolled Resource Consumption

Bypass of Rate limiting in secure_session endpoint's password input will lead to user password disclosure
Reported by: 0xprial | Disclosed: | Weakness: Improper Restriction of Authentication Attempts

No rate Limit
Reported by: mokhliss | Disclosed: | Severity: Low

Stored Cross Site Scripting in Customer Name
Reported by: yaworsk | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic

Enable 2FA without verifying the email
Reported by: rioncool22 | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption

Open Redirect through POST Request in OAuth
Reported by: basant0x01 | Disclosed: | Severity: Low | Weakness: Open Redirect

Stored XSS on add project
Reported by: tofla | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Pending MFA logins aren't immediately expired after a password change
Reported by: ant_pyne | Disclosed: | Severity: Low | Weakness: Session Fixation