Starbucks - HackerOne Reports
Total Reports: 128
Critical: 20
High: 39
Medium: 41
Low: 21
Open Redirect on Greater Asia domains
Reported by: l00ph0le | Disclosed:
Severity: Low
Weakness: Open Redirect
Time-based Blind SQLi on news.starbucks.com
Reported by: toctou | Disclosed:
Severity: High
Weakness: SQL Injection
Lack of Controls Allowing for Card and PIN Enumeration Leading to Fraud
Reported by: kylecolson | Disclosed:
Severity: High
Thailand - a small number of SMB CCTV footage backup servers were accessible without authentication.
Reported by: radosec | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Unable to register in starbucks IN app
Reported by: ashishag29 | Disclosed:
Severity: Low
Weakness: Uncontrolled Resource Consumption
csrf blogs.starbucks.com
Reported by: w2w | Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
athome.starbucks.com - URL parameter tampering of review forms permitted possible content injection
Reported by: jackb898 | Disclosed:
Severity: Medium
Weakness: Improper Input Validation
Parameter Manipulation allowed for viewing of other user’s teavana.com orders
Reported by: meals | Disclosed:
Weakness: Improper Authentication - Generic
Starbucks China Android app cloud storage service leaks a credential.
Reported by: k3mlol | Disclosed:
Severity: High
Weakness: Information Disclosure
China - president-starbucks.com.cn DNS configuration reported as takeover
Reported by: k3mlol | Disclosed:
Severity: High
Weakness: Privilege Escalation
Backup Source Code Detected
Reported by: linkks | Disclosed:
Severity: Medium
Unauthorized access to a system used for CI/CD processes
Reported by: k3mlol | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Unable to register in starbucks app
Reported by: ashishag29 | Disclosed:
Severity: Medium
Weakness: Weak Cryptography for Passwords
Unrestricted File Upload Leads to RCE on mobile.starbucks.com.sg
Reported by: ko2sec | Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic
Information disclosure on sim.starbucks.com
Reported by: johnstone | Disclosed:
Severity: Low
Weakness: Information Disclosure
Webshell via File Upload on ecjobs.starbucks.com.cn
Reported by: johnstone | Disclosed:
Severity: Critical
Weakness: OS Command Injection
Norway - store.starbucks.no - CSRF on email change
Reported by: moonlight323 | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)
Improper handling of payment callback allows topping up a Swiss Starbucks Card bypassing actual payment via a crafted success message
Reported by: khovansky | Disclosed:
Severity: High
Weakness: Business Logic Errors
Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters
Reported by: rexvuz | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
India - An Insecure Direct Object Reference (IDOR) allowed unauthorized access to view card index number and monetary balance
Reported by: mr_intrusionist | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)