OWOX, Inc. - HackerOne Reports
Total Reports: 16
Critical: 5
High: 3
Medium: 3
Low: 3
Session is not expire after logout
Reported by: saqib98 | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
Server-side cache poisoning leads to the http://my.dev.owox.com inaccessibility
Reported by: sp1d3rs | Disclosed:
Severity: High
Direct IP Access
Reported by: ph_spade | Disclosed:
Severity: Low
Weakness: Information Disclosure
Unrestricted File Upload in Chat Window
Reported by: ant_pyne | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles
Subdomain Takeover on http://kiosk.owox.com/
Reported by: hax0rgb | Disclosed:
Severity: Critical
Weakness: Improper Authentication - Generic
Stored XSS at https://finance.owox.com/customer/accountList
Reported by: sp1d3rs | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Generic
The URL in "Choose a data source" at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS.
Reported by: imthehackerlor | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS
Reported by: imthehackerlor | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected
Access to Grafana Dashboard
Reported by: thehackerish | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Subdomain Takeover on http://blog.owox.com/
Reported by: yynl | Disclosed:
Severity: Critical
Weakness: Improper Authentication - Generic
Subdomain Takeover on OWOX.RU
Reported by: yynl | Disclosed:
Severity: Critical
Weakness: Improper Authentication - Generic
Broken Authentication & Session Management (Login Bypass) at support.owox.com
Reported by: koviri_jagdish | Disclosed:
Severity: Critical
Weakness: Improper Authentication - Generic
HTTP Response Splitting(CRLF injection) in bi.owox.com
Reported by: quistertow | Disclosed:
Weakness: Command Injection - Generic
ClickJacking
Reported by: blablaa | Disclosed:
Weakness: UI Redressing (Clickjacking)
invalid URL parsing with and '@'
Reported by: yynl | Disclosed:
Severity: Low
Weakness: HTTP Response Splitting
Subdomain takeover in many subdomains
Reported by: haxormad | Disclosed:
Severity: Critical
Weakness: Privilege Escalation