Starbucks - HackerOne Reports
Total reports: 128 (Critical: 20, High: 39, Medium: 41, Low: 21)
Reflected XSS in https://www.starbucks.co.jp/store/search/
Reported by wa1m3im | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
Korea - LFI / server directory traversal at starbucks.co.kr
Reported by 0xb33 | Severity: High | Weakness: Path Traversal
Java Deserialization RCE via JBoss on card.starbucks.in
Reported by joaomatosf | Severity: Critical | Weakness: Code Injection
Persistent XSS in www.starbucks.com
Reported by ddworken | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic
DOM-based XSS via DIV.innerHTML parameters on store.starbucks*
Reported by e3xpl0it | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic
China - IDOR on Reservation Staging/Non-Production Site - https://reservation.stg.starbucks.com.cn
Reported by seven6 | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)
Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
Reported by bayotop | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
XSS on https://www.starbucks.co.uk (can lead to credit card theft) (/shop/paymentmethod)
Reported by bayotop | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic
Missing CSRF Token On Remove Coupon From Cart
Reported by apapedulimu | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)
Missing CSRF Token On Add Coupon To Basket
Reported by apapedulimu | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)
Norway - store.starbucks.no - CSRF on email change
Reported by moonlight323 | Severity: High | Weakness: Cross-Site Request Forgery (CSRF)
Improper handling of payment callback allows topping up a Swiss Starbucks Card, bypassing actual payment, via a crafted success message
Reported by khovansky | Severity: High | Weakness: Business Logic Errors
Subdomain takeover of datacafe-cert.starbucks.com
Reported by parzel | Severity: High | Weakness: Privilege Escalation
Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters
Reported by rexvuz | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
Stored XSS in comments on https://www.starbucks.co.uk/blog/*
Reported by bayotop | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored
Reflected XSS in https://www.starbucks.com/account/create/redeem/MCP131XSR via xtl_amount, xtl_coupon_code, xtl_amount_type parameters
Reported by zayn1337 | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database
Reported by spaceraccoon | Severity: Critical | Weakness: SQL Injection
Reflected DOM XSS on www.starbucks.co.uk
Reported by bayotop | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
China - ecjobsdc.starbucks.com.cn html/shtml file upload vulnerability
Reported by b006e4ea768a5d1b5340969 | Severity: High | Weakness: Privilege Escalation
Open Redirect on Greater Asia domains
Reported by l00ph0le | Severity: Low | Weakness: Open Redirect