Upserve - HackerOne Reports
Total Reports: 14
Critical: 2
High: 4
Medium: 5
Low: 3
reports.breadcrumb.com is vulnerable for Arbitrary file existence disclosure CVE-2014-7829
Reported by: s3curityb3ast
Disclosed:
Severity: Low
Weakness: Information Disclosure
Bounty: $200.00
Reflected xss on theacademy.upserve.com
Reported by: base_64
Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Payment method token being sent to 3rd party analytics service
Reported by: ctulhu
Disclosed:
Severity: High
Weakness: Business Logic Errors
[theacademy.upserve.com] Reflected XSS Query-String
Reported by: bobrov
Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $250.00
Open redirect at https://inventory.upserve.com/http://google.com/
Reported by: stankoja
Disclosed:
Severity: Medium
Weakness: Open Redirect
Bounty: $1200.00
Reflected XSS on https://inventory.upserve.com/ (affects IE users only)
Reported by: stealthy
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $1200.00
Ability to create own account UUID leads to stored XSS
Reported by: cache-money
Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $1500.00
OLO Total price manipulation using negative quantities
Reported by: fuzz
Disclosed:
Severity: Critical
Weakness: Business Logic Errors
Ability to reset password for account
Reported by: exadmin
Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic
Information disclosure through search engines (password reset token)
Reported by: luciann
Disclosed:
Severity: Medium
Weakness: Information Disclosure
Blind stored xss in demo form
Reported by: paresh_parmar
Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $500.00
Insufficient validation of sides/modifiers quantity
Reported by: liquid8
Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Bounty: $500.00
DOM Based XSS via postMessage at https://inventory.upserve.com/login/
Reported by: gamer7112
Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - DOM
Bounty: $2500.00
Open redirect on https://hq-api.upserve.com/
Reported by: b3fa5e9aab949ed4574c10d
Disclosed:
Severity: Medium
Weakness: Open Redirect