OLX - HackerOne Reports
Total Reports: 60
Critical: 4
High: 8
Medium: 16
Low: 2

yaman.olx.ph/wordpress is using a very vulnerable version of WordPress and contains directory listing
Reported by: mohamedsherif
Disclosed:
Severity: Critical
Weakness: Cross-Site Request Forgery (CSRF)

Bypassing Phone Verification For Posting AD On OLX
Reported by: abhishekbaru
Disclosed:
Weakness: Improper Authentication - Generic

OLX is vulnerable to clickjacking
Reported by: piyushsonikumar1671
Disclosed:
Severity: Medium

Arbitrary File Reading
Reported by: konqi
Disclosed:

Reflected Cross Site scripting Attack (XSS)
Reported by: nileshsapariya
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

Reflected XSS on www.olx.co.id via ad_type parameter
Reported by: ameytakekar
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

XSS on Meta Tag at https://m.olx.ph
Reported by: yappare
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

Bypass Rejected ads so user can view it as normal live ad.
Reported by: kishoretrommer
Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic

Unauthorised access to olx.in user accounts.
Reported by: palashjhabak
Disclosed:
Weakness: Improper Authentication - Generic

REFLECTED CROSS SITE SCRIPTING IN OLX
Reported by: 123456789100
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

I found a way to instantly take over ads by other users and change them (IDOR)
Reported by: kciredor
Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)

Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection)
Reported by: thezawad
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

XSS on Home page olx.com.ar via auto save search text
Reported by: c37hun
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

web cache deception in https://tradus.com lead to name/user_id enumeration and other info
Reported by: f_m
Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles

blog.praca.olx.pl database credentials exposure
Reported by: hdbreaker
Disclosed:
Severity: Medium
Weakness: Information Disclosure

XSS Reflected at SEARCH >>
Reported by: atsvetkov1337
Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected

CSRF in account configuration leads to complete account compromise
Reported by: cablej
Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)

cross-site scripting in get request
Reported by: wonderwomen007
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked
Reported by: lucasm
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

Able to list user's public name, username, phone number, address, facebook ID...
Reported by: lukeberner
Disclosed:
Weakness: Information Disclosure