Starbucks - HackerOne Reports
Total Reports: 128
Critical: 20
High: 39
Medium: 41
Low: 21
Possible subdomain takeover at openapi.starbucks.com
Reported by:
benoculars
|
Disclosed:
High
[connect.teavana.com] Open Redirect and abuse of connect.teavana.com
Reported by:
rbcafe
|
Disclosed:
Medium
Weakness: Open Redirect
Multiple Subdomain takeovers via unclaimed instances
Reported by:
benoculars
|
Disclosed:
High
Weakness: Privilege Escalation
Information Leak - Github - JMS Information
Reported by:
peuch
|
Disclosed:
High
Weakness: Information Disclosure
SQL Injection Proof of Concept for Starbucks URL
Reported by:
gbadebo
|
Disclosed:
High
Weakness: SQL Injection
Reflected cross-site scripting on multiple Starbucks assets.
Reported by:
stealthy
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Blind SQL Injection on starbucks.com.gt and WAF Bypass :*
Reported by:
d3417_
|
Disclosed:
High
Weakness: SQL Injection
Singapore - Account Takeover via IDOR
Reported by:
ko2sec
|
Disclosed:
Critical
Weakness: Insecure Direct Object Reference (IDOR)
Misuse of an authentication cookie combined with a path traversal on app.starbucks.com permitted access to restricted data
Reported by:
zlz
|
Disclosed:
Critical
Weakness: Path Traversal
Stored XSS on www.starbucks.com.sg/careers/career-center/career-landing-*
Reported by:
13ern
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
DOM-based XSS in store.starbucks.co.uk on IE 11
Reported by:
albinowax
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - DOM
Subdomain takeover of d02-1-ag.productioncontroller.starbucks.com
Reported by:
mindtrick
|
Disclosed:
High
Weakness: Privilege Escalation
Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record
Reported by:
dpgribkov
|
Disclosed:
High
Weakness: Privilege Escalation
Stored XSS in Address Book (starbucks.com/account/profile)
Reported by:
myst404
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
SSRF at ideas.starbucks.com
Reported by:
damian89
|
Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
DOM XSS on app.starbucks.com via ReturnUrl
Reported by:
gamer7112
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
Reflected XSS in openapi.starbucks.com /searchasyoutype/v1/search?x-api-key=
Reported by:
an0n-j
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice
Reported by:
geek_jeremy
|
Disclosed:
Critical
Weakness: SQL Injection
Open Redirection in Login - Korean Starbucks
Reported by:
jtjisgod
|
Disclosed:
Low
Weakness: Open Redirect
Thailand - Insecure Direct Object Reference permits an unauthorized user to transfer funds from a victim using only the victim's Starbucks card
Reported by:
nnez
|
Disclosed:
High
Weakness: Insecure Direct Object Reference (IDOR)