Pushwoosh - HackerOne Reports
View on HackerOne
Total Reports: 17
Critical: 3
High: 1
Medium: 3
Low: 8
Clickjacking
Reported by:
b1b62e8d81ce1e3993ad913
|
Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
Unsecured Grafana instance
Reported by:
abc12345
|
Disclosed:
Critical
Weakness: Improper Authentication - Generic
Read Application Name, Subscribers Count
Reported by:
cyriac
|
Disclosed:
Medium
Weakness: Information Disclosure
Nginx version disclosure via response header
Reported by:
japz
|
Disclosed:
Low
Weakness: Information Disclosure
Stored XSS in Filters
Reported by:
faisalahmed
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Development configuration file
Reported by:
protector47
|
Disclosed:
Critical
Weakness: Information Disclosure
Publicly accessible IDRAC instance at api-m.inapp.pushwoosh.com
Reported by:
sp1d3rs
|
Disclosed:
Low
Weakness: Improper Authentication - Generic
Spam Someone using (user.saveInvite) system
Reported by:
madrobot
|
Disclosed:
Low
Weakness: Memory Corruption - Generic
htaccess file is accessible
Reported by:
japz
|
Disclosed:
Low
Weakness: Information Disclosure
Reflected Xss on
Reported by:
d1pakda5
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
Spoof Email with Hyperlink Injection via Invites functionality
Reported by:
japz
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Nginx server version disclosure
Reported by:
japz
|
Disclosed:
Low
Weakness: Information Disclosure
Password Forgot/Password Reset Request Bug
Reported by:
ameerpornillos
|
Disclosed:
High
Weakness: Uncontrolled Resource Consumption
Bypass the resend limit in Send Invites
Reported by:
cyriac
|
Disclosed:
Medium
Weakness: Violation of Secure Design Principles
Administrator Access To Management Console
Reported by:
ameerpornillos
|
Disclosed:
Critical
Weakness: Command Injection - Generic
Cross-Site Scripting Stored On Rich Media
Reported by:
hussain_0x3c
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Cleartext Password returned in JSON response
Reported by:
ryudox
|
Disclosed:
Low
Weakness: Cleartext Storage of Sensitive Information