Starbucks - HackerOne Reports
Total Reports: 128
Critical: 20 | High: 39 | Medium: 41 | Low: 21
India - An Insecure Direct Object Reference (IDOR) allowed unauthorized access to view card index number and monetary balance
Reported by: mr_intrusionist | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)

Thailand - a small number of SMB CCTV footage backup servers were accessible without authentication.
Reported by: radosec | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Unable to register in starbucks IN app
Reported by: ashishag29 | Disclosed: | Severity: Low | Weakness: Uncontrolled Resource Consumption

Time-based Blind SQLi on news.starbucks.com
Reported by: toctou | Disclosed: | Severity: High | Weakness: SQL Injection

Lack of Controls Allowing for Card and PIN Enumeration Leading to Fraud
Reported by: kylecolson | Disclosed: | Severity: High

csrf blogs.starbucks.com
Reported by: w2w | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)

Bug in GraphQL and API integration leads to limited user address disclosure
Reported by: loxiran | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic

Unauthorized access to jiratest.starbucks.com
Reported by: damian89 | Disclosed: | Severity: Critical | Weakness: Improper Authentication - Generic

Cross-Site Scripting (XSS) on www.starbucks.com | .co.uk login pages
Reported by: cdl | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic

Default credentials for the temporary POC site alipoc.stg.starbucks.com.cn permitted WAF bypass and RCE
Reported by: b006e4ea768a5d1b5340969 | Disclosed: | Severity: Medium | Weakness: OS Command Injection

DOM XSS on teavana.com via "pr_zip_location" parameter
Reported by: fizhimchik | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic

svcardproxydevus.starbucks.com Subdomain take over
Reported by: txt3rob | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic

Password Change not notified when changed from settings
Reported by: karthik87mit | Disclosed: | Severity: Medium | Weakness: Unverified Password Change

Singapore - Unrestricted File Upload Leads to XSS on campaign.starbucks.com.sg/api/upload
Reported by: ko2sec | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

PHPinfo page
Reported by: linkks | Disclosed: | Severity: Low | Weakness: Information Disclosure

athome.starbucks.com - URL parameter tampering of review forms permitted possible content injection
Reported by: jackb898 | Disclosed: | Severity: Medium | Weakness: Improper Input Validation

Open redirect / Reflected XSS payload in root that affects all your sites (store.starbucks.* / shop.starbucks.* / teavana.com)
Reported by: inhibitor181 | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic

Singapore - IDOR in campaign.starbucks.com.sg
Reported by: bytebunny | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)

Parameter Manipulation allowed for editing the shipping address for other user's teavana.com subscriptions.
Reported by: meals | Disclosed: | Weakness: Improper Authentication - Generic

Open Redirect on Greater Asia domains
Reported by: l00ph0le | Disclosed: | Severity: Low | Weakness: Open Redirect