Weblate - HackerOne Reports
View on HackerOne

Total Reports: 147
Critical: 0
High: 3
Medium: 20
Low: 61

CSRF: Lock and Unlock Translation
Reported by: jaypatel | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

Directory Listing
Reported by: red_horse | Disclosed:
Weakness: Cleartext Storage of Sensitive Information

hosted.weblate.org: X-XSS-Protection not enabled
Reported by: amsda | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Generic

CSV Injection with the CSV export feature
Reported by: jaypatel | Disclosed:
Severity: Low
Weakness: OS Command Injection

Spamming any user from Reset Password Function
Reported by: atruba | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles

[demo.weblate.org] Stored Self-XSS via Editor Link in Profile
Reported by: ysx | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Stored

Open Redirect via "next" parameter in third-party authentication
Reported by: ysx | Disclosed:
Severity: Medium
Weakness: Open Redirect

Content Spoofing
Reported by: 0xspade | Disclosed:
Severity: Low

Abuse of API that allows spamming users and possible DoS due to missing rate limit on contact form
Reported by: khalidamin | Disclosed:

No Brute-Force Protection
Reported by: jaypatel | Disclosed:
Severity: Medium
Weakness: Improper Restriction of Authentication Attempts

Clickjacking docs.weblate.org
Reported by: akbarparambil | Disclosed:
Severity: Low

Null Password - Setting a new password doesn't check for empty spaces
Reported by: footstep | Disclosed:
Severity: Low
Weakness: Weak Cryptography for Passwords

No Password Length Restriction leads to Denial of Service
Reported by: ant_pyne | Disclosed:
Severity: Low
Weakness: Uncontrolled Resource Consumption

CSRF: Reset API
Reported by: jaypatel | Disclosed:
Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)

Access to completion page without performing any action
Reported by: footstep | Disclosed:
Weakness: Improper Access Control - Generic

Login using disconnected Google account, i.e. login using old email ID
Reported by: tushar21 | Disclosed:
Severity: Low
Weakness: Improper Authentication - Generic

User Enumeration when adding email to account
Reported by: atruba | Disclosed:
Severity: Low

[hosted.weblate.org] Account Takeover
Reported by: 0xspade | Disclosed:
Severity: Low

Insecure Account Removal
Reported by: japz | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles

demo.weblate.org is vulnerable to SWEET32 Vulnerability
Reported by: d0rkerdevil | Disclosed:
Severity: Low
Weakness: Inadequate Encryption Strength