MTN Group - HackerOne Reports
Total Reports: 128
Critical: 41
High: 29
Medium: 47
Low: 6

Reflected xss on videostore.mtnonline.com
Reported by: possowski | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected

information disclosure via log files at ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt
Reported by: zero_or_1 | Disclosed:
Severity: High
Weakness: Information Disclosure

Remote code execution due to unvalidated file upload
Reported by: aliyugombe | Disclosed:
Severity: Critical
Weakness: Improper Input Validation

Remote code injection in Log4j on https://mymtn.mtncongo.net - CVE-2021-44228
Reported by: renzi | Disclosed:
Severity: Critical
Weakness: OS Command Injection
CVEs: CVE-2021-44228

Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228
Reported by: renzi | Disclosed:
Severity: Critical
Weakness: OS Command Injection
CVEs: CVE-2021-44228

HTML injection in email content during registration via FirstName/LastName parameter
Reported by: ibrahimatix0x01 | Disclosed:
Severity: Medium
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Reflected cross site scripting (XSS) attacks Reflected XSS attacks,
Reported by: 0xmekky | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Remote code execution via crafted pentaho report uploaded using default credentials for pentaho business server
Reported by: zer0code | Disclosed:
Severity: Critical
Weakness: Code Injection

XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}
Reported by: homosec | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

path traversal vulnerability in Grafana 8.x allows " local file read "
Reported by: malagham | Disclosed:
Severity: Critical

cross site scripting in : mtn.bj
Reported by: alimanshester | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected

RXSS - http://macademy.mtnonline.com
Reported by: 0xelkomy | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Wordpress users Disclosure [ /wp-json/wp/v2/users/ ]
Reported by: shubham_srt | Disclosed:
Severity: Critical
Weakness: Information Disclosure

Cross-Site Request Forgery (CSRF) to xss
Reported by: lu3ky-13 | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history
Reported by: xlife | Disclosed:
Severity: Medium
Weakness: Information Disclosure

Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure
Reported by: wallotry | Disclosed:
Severity: Critical
Weakness: Insecure Direct Object Reference (IDOR)

IDOR [mtnmobad.mtnbusiness.com.ng]
Reported by: insomnia_hax | Disclosed:
Severity: Critical

Download full backup [Mtn.co.rw]
Reported by: ibrahimatix0x01 | Disclosed:
Severity: Critical

Reflected - XSS
Reported by: mathara | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected

OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions
Reported by: b5bb904ea6b315a566eb691 | Disclosed:
Severity: Medium
Weakness: Incorrect Authorization