TikTok - HackerOne Reports

Total reports: 117
Critical: 5 | High: 18 | Medium: 50 | Low: 43
IDOR on TikTok Seller
Reported by: find_me_here | Disclosed: | Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $500.00

One Click Account Hijacking via Unvalidated Deeplink
Reported by: fr4via | Disclosed: | Severity: High
Weakness: Forced Browsing

XSS at TikTok Ads Endpoint
Reported by: s3c | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected

Unrestricted File Upload Blind Stored XSS in subdomain ads.tiktok.com
Reported by: mrzheev | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $250.00

Information Disclosure on TikTok Unplugged Site
Reported by: nanwn | Disclosed: | Severity: Low
Weakness: Information Disclosure

RXSS via region parameter
Reported by: ashrafabdelrazik | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected

Email address disclosure via invite token validation
Reported by: noob_but_cut3 | Disclosed: | Severity: Low
Weakness: Information Disclosure
Bounty: $250.00

CORS bypass on TikTok Ads Endpoint
Reported by: ahmed_alwardani | Disclosed: | Severity: Medium
Weakness: Misconfiguration
Bounty: $257.00

Multiple vulnerabilities leading to account takeover in TikTok SMB subdomain
Reported by: lu3ky-13 | Disclosed: | Severity: Critical
Weakness: Business Logic Errors

IDOR in report download functionality on ads.tiktok.com
Reported by: f_m | Disclosed: | Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $500.00

Subdomain Takeover via Unclaimed Amazon S3 Bucket (Musical.ly)
Reported by: daik0n | Disclosed: | Severity: Low
Weakness: Privilege Escalation
Bounty: $200.00

HTML Injection on Company Name in Email
Reported by: gnux | Disclosed: | Severity: Low
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Bounty: $79.00

Clickjacking Vulnerability Can Lead To Deleting Developer App
Reported by: rioncool22 | Disclosed: | Severity: Low
Weakness: UI Redressing (Clickjacking)
Bounty: $500.00

Clickjacking Vulnerability In Whole Page of Ads TikTok
Reported by: rioncool22 | Disclosed: | Severity: Low
Weakness: UI Redressing (Clickjacking)
Bounty: $500.00

IDOR on TikTok Ads Endpoint
Reported by: sinayeganeh | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $2500.00

Internal Employee Information Disclosure via TikTok Athena API
Reported by: pspspsp | Disclosed: | Severity: Medium
Weakness: Information Disclosure
Bounty: $1000.00

Blocked user can send notification by liking the message due to Logical Bug
Reported by: sandipgyawalii | Disclosed: | Severity: Low
Weakness: Privacy Violation

CORS misconfiguration in TikTok ads portal
Reported by: chihuahua | Disclosed: | Severity: Low
Weakness: Improper Access Control - Generic

User In The Same Center Can Create CSRF To Change The Information About Business
Reported by: ahmed_alwardani | Disclosed: | Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $147.00

Blind SSRF in ads.tiktok.com
Reported by: chihuahua | Disclosed: | Severity: Low
Weakness: Server-Side Request Forgery (SSRF)