Starbucks - HackerOne Reports
Total reports: 128 (Critical: 20, High: 39, Medium: 41, Low: 21)
Starbucks China Android app cloud storage service leaks a credential.
Reported by: k3mlol | Disclosed: | Severity: High | Weakness: Information Disclosure

Able to purchase a gift card with any amount
Reported by: qwacsawd | Disclosed: | Severity: High | Weakness: Insecure Direct Object Reference (IDOR)

Java Deserialization RCE via JBoss JMXInvokerServlet/EJBInvokerServlet on card.starbucks.in
Reported by: meals | Disclosed: | Weakness: Code Injection

Full API Access and Run All Functions via Starbucks App
Reported by: ynsy | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic

DVR default username and password
Reported by: radosec | Disclosed: | Severity: Medium

Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com
Reported by: blurbdust | Disclosed: | Severity: Critical | Weakness: Privilege Escalation

China - president-starbucks.com.cn DNS configuration reported as takeover
Reported by: k3mlol | Disclosed: | Severity: High | Weakness: Privilege Escalation

Reflected XSS on teavana.com (Locale-Change)
Reported by: inhibitor181 | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic

Sidekiq web UI (Ruby background processing) accessible unauthenticated via https://gift-test.starbucks.co.jp/sidekiq/busy
Reported by: jackds | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Backup Source Code Detected
Reported by: linkks | Disclosed: | Severity: Medium

Reflected Cross-site Scripting (XSS) on www.starbucks.com
Reported by: cujanovic | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

www.starbucks.co.uk Reflected XSS via utm_source parameter
Reported by: meals | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic

Out of date Disqus shortname usage in the web app source code
Reported by: hiorws | Disclosed: | Severity: Critical | Weakness: Violation of Secure Design Principles

Unauthorized access to a system used for CI/CD processes
Reported by: k3mlol | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic

sdrc.starbucks.com - Information Disclosure via unsecured attachment directory
Reported by: l00ph0le | Disclosed: | Severity: Critical | Weakness: Information Disclosure

Unable to register in Starbucks app
Reported by: ashishag29 | Disclosed: | Severity: Medium | Weakness: Weak Cryptography for Passwords

Unrestricted File Upload Leads to RCE on mobile.starbucks.com.sg
Reported by: ko2sec | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic

Subdomain takeover of mydailydev.starbucks.com
Reported by: 0xpatrik | Disclosed: | Severity: High | Weakness: Externally Controlled Reference to a Resource in Another Sphere

[newscdn.starbucks.com] CRLF Injection, XSS
Reported by: bobrov | Disclosed: | Severity: Medium | Weakness: HTTP Response Splitting

Open Redirect on Greater Asia domains
Reported by: l00ph0le | Disclosed: | Severity: Low | Weakness: Open Redirect