Rockstar Games - HackerOne Reports
Total Reports: 104
Critical: 3
High: 18
Medium: 59
Low: 24
Your support community suffers from angularjs injection and must be fixed immediately [CRITICAL]
Reported by: tolo7010 | Disclosed:
Severity: Medium
Weakness: Code Injection
Information Disclosure in https://www.rockstargames.com/search
Reported by: netfuzzer | Disclosed:
Severity: Low
Weakness: SQL Injection
Stored XSS on support.rockstargames.com
Reported by: mr_r3boot | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $1000.00
Client-side Template Injection in Search, user email/token leak and maybe sandbox escape
Reported by: europa | Disclosed:
Severity: Medium
Weakness: Code Injection
image injection /screenshot-viewer/responsive/image (ANOTHER FIX BYPASS)
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Information Disclosure
dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass)
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM
Table and Column Exposure
Reported by: n00bsec | Disclosed:
Severity: Low
Weakness: Information Exposure Through an Error Message
Bounty: $150.00
Stealing Facebook OAuth Code Through Screenshot viewer
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Information Disclosure
<- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information ->
Reported by: rz01 | Disclosed:
Severity: Critical
Weakness: Cross-Site Request Forgery (CSRF)
DOM based XSS on /GTAOnline/tw/starterpack/
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM
Unquoted Service Path in "Rockstar Game Library Service"
Reported by: adr | Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Ability to post comments to a crew even after getting kicked out
Reported by: anshuman_bh | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles
Bounty: $500.00
XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker)
Reported by: ak1t4 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
XSS on rockstargames.com
Reported by: zuhnny1 | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $500.00
Cache Poisoning DoS on updates.rockstargames.com
Reported by: youstin | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles
Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM
SocialClub Account Take Over Through Import Friends feature
Reported by: netfuzzer | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)
Insecure Direct Object Reference allows Crew Invite deletion
Reported by: floorball | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Smuggle SocialClub's Facebook OAuth Code via Referer Leakage
Reported by: 1hack0 | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $750.00
Improper Authentication inside the Rockstar Games Launcher which leads to Account takeover to some extend
Reported by: j4ck_d4niels | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Bounty: $750.00