MTN Group - HackerOne Reports
Total Reports: 128
Critical: 41
High: 29
Medium: 47
Low: 6
Reflected xss on videostore.mtnonline.com
Reported by: possowski | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected
OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions
Reported by: b5bb904ea6b315a566eb691 | Disclosed:
Severity: Medium
Weakness: Incorrect Authorization
HTML injection in email content during registration via FirstName/LastName parameter
Reported by: ibrahimatix0x01 | Disclosed:
Severity: Medium
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
information disclosure via logs files at ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt
Reported by: zero_or_1 | Disclosed:
Severity: High
Weakness: Information Disclosure
Remote code execution due to unvalidated file upload
Reported by: aliyugombe | Disclosed:
Severity: Critical
Weakness: Improper Input Validation
Remote code injection in Log4j on https://mymtn.mtncongo.net - CVE-2021-44228
Reported by: renzi | Disclosed:
Severity: Critical
Weakness: OS Command Injection
CVEs: CVE-2021-44228
Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228
Reported by: renzi | Disclosed:
Severity: Critical
Weakness: OS Command Injection
CVEs: CVE-2021-44228
Reflected cross site scripting (XSS) attacks Reflected XSS attacks,
Reported by: 0xmekky | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
IDOR Leads To User Profile Modification https://mtnmobad.mtnbusiness.com.ng/app/updateUser
Reported by: reachaxis | Disclosed:
Severity: Critical
Weakness: Incorrect Authorization
Accessible Restricted directory on [bcm-bcaw.mtn.cm]
Reported by: tounsi_007 | Disclosed:
Severity: Medium
Weakness: Information Exposure Through Directory Listing
Insecure crossdomain.xml on https://vdc.mtnonline.com/
Reported by: xlife | Disclosed:
Severity: High
Weakness: Information Disclosure
Yet Another OTP code Leaked in the API Response
Reported by: tinopreter | Disclosed:
Severity: Critical
Weakness: Improper Authentication - Generic
Reflected XSS in https://nin.mtn.ng/nin/success?message=lol&nin=<VULNERABLE>
Reported by: hazemhussien99 | Disclosed:
Severity: Critical
Weakness: Cross-site Scripting (XSS) - Reflected
SSRF Keycloak before 13.0.0 - CVE-2020-10770 on https://sponsoredata.mtn.ci
Reported by: renzi | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
CVEs: CVE-2020-10770
Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]
Reported by: tounsi_007 | Disclosed:
Severity: Critical
Weakness: OS Command Injection
Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-3506]
Reported by: tounsi_007 | Disclosed:
Severity: Critical
Weakness: OS Command Injection
Leaking usernames through endpoints Wordpress
Reported by: alitoni224 | Disclosed:
Severity: High
Weakness: Information Disclosure
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters
Reported by: homosec | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}
Reported by: homosec | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Sensitive Information Disclosure Through Config File
Reported by: dh0pe | Disclosed:
Severity: High
Weakness: Cleartext Storage of Sensitive Information