Slack - HackerOne Reports

Total reports: 80
Severity breakdown: Critical: 8 | High: 14 | Medium: 19 | Low: 13
Bypass of the SSRF protection (Slack commands, Phabricator integration)
  Reported by: agarri_fr | Bounty: $100.00

URL filter bypass in Enterprise Grid
  Reported by: akaki | Severity: Low | Weakness: Phishing | Bounty: $100.00

Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs
  Reported by: fransrosen | Weakness: Cross-site Scripting (XSS) - Generic

Snooping into messages via email service
  Reported by: rijalrojan | Weakness: Improper Authentication - Generic

Remote Code Execution in Slack desktop apps + bonus
  Reported by: oskarsv | Severity: Critical | Weakness: Code Injection

A stored XSS issue in https://files.slack.com
  Reported by: securitythinker | Weakness: Cross-site Scripting (XSS) - Generic | Bounty: $500.00

Bypass of the SSRF protection in Event Subscriptions parameter
  Reported by: elber | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)

Source code leakage through GIT web access at host '52.91.137.42'
  Reported by: d0znpp | Weakness: Improper Authentication - Generic

Code Injection in Slack's Windows Desktop Client leads to Privilege Escalation
  Reported by: fbogner | Weakness: Command Injection - Generic

AWS bucket leading to iOS test build code and configuration exposure
  Reported by: kiyell | Severity: Critical | Weakness: Information Disclosure | Bounty: $1500.00

SSRF via Office file thumbnails
  Reported by: ziot | Severity: Critical | Weakness: Information Disclosure | Bounty: $4000.00

CSRF in github integration
  Reported by: asanso | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF) | Bounty: $500.00

CSV export/import functionality allows administrators to modify member and message content of a workspace
  Reported by: security_warrior | Weakness: Privilege Escalation | Bounty: $250.00

Team members can trigger arbitrary code execution in Slack Desktop Apps via HTML Notifications
  Reported by: oskarsv | Severity: High | Weakness: Code Injection

Denial of Service via Hyperlinks in Posts
  Reported by: joaovitormaia | Severity: Medium | Weakness: Uncontrolled Resource Consumption | Bounty: $1500.00

Email information leakage for certain addresses
  Reported by: procode701 | Weakness: Information Disclosure

Bypass invite accept for victim
  Reported by: analyz3r | Severity: Medium | Weakness: Business Logic Errors | Bounty: $1500.00

Many Slack teams can be joined by abusing an improperly configured support@ inbox
  Reported by: securinti | Weakness: Improper Authentication - Generic

Slack-Corp Heroku application disclosing limited info about company members
  Reported by: demonia | Severity: Low | Weakness: Information Disclosure