Semrush - HackerOne Reports
Total Reports: 56
Critical: 5
High: 12
Medium: 17
Low: 21
Reflected XSS using Header Injection
Reported by:
inferno-
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
IDOR allows information disclosure
Reported by:
a_d_a_m
|
Disclosed:
High
Weakness: Insecure Direct Object Reference (IDOR)
Cross-origin resource sharing misconfig | steal user information
Reported by:
bughuntermate
|
Disclosed:
Medium
Weakness: Misconfiguration
[oauth token leak] at oauth.semrush.com
Reported by:
nikitastupin
|
Disclosed:
High
Weakness: Improper Authentication - Generic
IDOR in semrush academy
Reported by:
a_d_a_m
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
Ad Builder Display Ads Path Traversal
Reported by:
ajxchapman
|
Disclosed:
Medium
Weakness: Path Traversal
XSS on redirection page (Bypassed)
Reported by:
kunal94
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
CORS misconfiguration which leads to the disclosure of certain data concerning the user.
Reported by:
a_d_a_m
|
Disclosed:
Low
Weakness: Improper Access Control - Generic
Reflected XSS on https://www.semrush.com/my_reports/externalSource/callback/googleAccountsGMB
Reported by:
sec44
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
XSS Reflected on my_report
Reported by:
r0hack
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
subdomain takeover at news-static.semrush.com
Reported by:
0ways
|
Disclosed:
High
Weakness: Improper Access Control - Generic
Unrestricted file upload in www.semrush.com > /my_reports/api/v1/upload/image
Reported by:
seeu
|
Disclosed:
Medium
Weakness: Violation of Secure Design Principles
Content Injection on api.semrush.com to Reflected XSS
Reported by:
nikitastupin
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Manipulation of exam results at Semrush.Academy
Reported by:
r0hack
|
Disclosed:
Medium
Weakness: Business Logic Errors
Broken Authentication: A project addition request can be used multiple times for different users
Reported by:
walterhwhite
|
Disclosed:
High
Weakness: Key Exchange without Entity Authentication
Cross-origin resource sharing
Reported by:
sureshbudharapu
|
Disclosed:
High
php info file and sql backup at vendor's subdomain
Reported by:
rivalsec
|
Disclosed:
Low
Weakness: Information Disclosure
Critically Sensitive Spring Boot Endpoints Exposed
Reported by:
a_d_a_m
|
Disclosed:
Critical
Weakness: Improper Access Control - Generic
Stored XSS in '' Section and WAF Bypass
Reported by:
jimgogogo
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Security misconfiguration "weak passwords".
Reported by:
whitehatmmalam
|
Disclosed:
Medium
Weakness: Violation of Secure Design Principles