Stripe - HackerOne Reports
Total reports: 27 (Critical: 2, High: 3, Medium: 11, Low: 11)
Mass Account Takeover at https://app.taxjar.com/ - No User Interaction
Reported by: beerboy_ankit | Disclosed: | Severity: Critical
Weakness: Authentication Bypass Using an Alternate Path or Channel

Bypass global deny-lists by wrapping domains using "[]" in https://github.com/stripe/smokescreen
Reported by: haxatron1 | Disclosed: | Severity: Low
Weakness: Improper Input Validation

Local applications from user's computer can listen for webhooks via insecure gRPC server from stripe-cli
Reported by: gregxsunday | Disclosed: | Severity: Low
Weakness: Improper Authentication - Generic

Mass account takeover!
Reported by: akashhamal0x01 | Disclosed: | Severity: High
Weakness: Misconfiguration

XSS vulnerability without a content security bypass in a `CUSTOM` App through Button tag
Reported by: saajanbhujel | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $2000.00

CSRF token validation system is disabled on Stripe Dashboard
Reported by: d_sharad | Disclosed: | Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF
Reported by: sim4n6 | Disclosed: | Severity: Low
Weakness: Server-Side Request Forgery (SSRF)