Slack - HackerOne Reports
Total Reports: 80 | Critical: 8 | High: 14 | Medium: 19 | Low: 13
Store XSS
Reported by: imran_hadid | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic

Generate new Test token
Reported by: onidnalbj | Disclosed: | Weakness: Improper Authentication - Generic | Bounty: $100.00

User can start call in a channel of an unpaid account
Reported by: jobert | Disclosed: | Weakness: Privilege Escalation | Bounty: $100.00

Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links
Reported by: salh4ckr | Disclosed: | Severity: Critical | Weakness: Improper Authentication - Generic

Open Redirect on slack.com
Reported by: sudotop | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $500.00

Access to some Slack workspace metadata and settings available to unauthorized parties
Reported by: secalert | Disclosed: | Weakness: Improper Authentication - Generic | Bounty: $7000.00

Hashed data exposure via WebSockets to Workspace Members
Reported by: d3f4u17 | Disclosed: | Severity: Critical | Weakness: Insufficiently Protected Credentials

"a stored xss issue in share post menu"
Reported by: securitythinker | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $500.00

Stored XSS in files.slack.com
Reported by: oskarsv | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

DoS on the Direct Messages
Reported by: asdasdasdasdasda | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption | Bounty: $500.00

Internal SSRF bypass using slash commands at api.slack.com
Reported by: albatraoz | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)

Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users
Reported by: padillac | Disclosed: | Severity: High | Weakness: Unrestricted Upload of File with Dangerous Type | Bounty: $1500.00

RC4 cipher suites detected on status.slack.com
Reported by: linkks | Disclosed: | Weakness: Violation of Secure Design Principles

Information Disclosure on stun.screenhero.com
Reported by: kazan71p | Disclosed: | Severity: Medium | Weakness: Information Disclosure | Bounty: $700.00

Misuse of groups feature allows workspace members to join private channels without being invited
Reported by: kmap | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic

[Screenhero] Subdomain takeover
Reported by: yassineaboukir | Disclosed: | Weakness: Violation of Secure Design Principles

Cross-site leak allows attacker to de-anonymize members of his team from another origin
Reported by: jub0bs | Disclosed: | Severity: Low | Weakness: Privilege Escalation | Bounty: $250.00

HTTP parameter pollution from outdated Greenhouse.io JS dependency
Reported by: irvinlim | Disclosed: | Severity: Medium | Weakness: Resource Injection

Stored XSS(Cross Site Scripting) In Slack App Name
Reported by: imnarendrabhati | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $1000.00