Weblate - HackerOne Reports
View on HackerOne
Total Reports: 147
Critical: 0 | High: 3 | Medium: 20 | Low: 61
Self XSS at translation page through Editor Link at demo.weblate.org
Reported by: csanuragjain | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic
Setting a password with a single character
Reported by: footstep | Severity: Low | Weakness: Weak Cryptography for Passwords
Open port leads to information disclosure
Reported by: str33 | Severity: Low | Weakness: Information Disclosure
Missing restriction on string size of Full Name at https://demo.weblate.org/accounts/register/
Reported by: sumit7 | Severity: Low | Weakness: Memory Corruption - Generic
Registration captcha bypass
Reported by: blacky | Severity: Medium | Weakness: Violation of Secure Design Principles
Improper access control when an added email address is deleted from authentication
Reported by: h1bountyoverflow | Severity: High | Weakness: Improper Access Control - Generic
CSRF - Changing the full name / adding a secondary email identity of an account via a GET request
Reported by: inhibitor181 | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)
Weak e-mail change functionality could lead to account takeover
Reported by: twicedi | Severity: Low | Weakness: Violation of Secure Design Principles
Web server is vulnerable to BEAST attack
Reported by: mrnull1337 | Severity: Low | Weakness: Cryptographic Issues - Generic
CSV export filter bypass leads to formula injection
Reported by: edoverflow | Severity: Medium | Weakness: Command Injection - Generic
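The report title above describes a filter that can be bypassed. The following is an added illustration of that weakness class, not Weblate's export code and not the content of the report: a naive CSV filter that only neutralises cells beginning with "=" beside a hardened one that covers the full OWASP formula-trigger set ("=", "+", "-", "@", tab, carriage return). The sample rows are constructed here, with benign formulas chosen to exercise each trigger; the function names are this example's own.

```python
import csv
import io

# Cell prefixes that common spreadsheet applications evaluate as a formula
# (the set in OWASP's CSV injection guidance: =, +, -, @, tab, carriage return).
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def naive_escape(cell: str) -> str:
    """A weak filter of the kind a bypass report targets: it only looks for '='."""
    if cell.startswith("="):
        return "'" + cell
    return cell


def hardened_escape(cell: str) -> str:
    """Prefix every formula-trigger cell with a single quote so the spreadsheet
    treats it as literal text. A legitimate value such as "-5" is escaped too;
    that is the accepted trade-off for an export mixing free text and numbers."""
    if cell.startswith(FORMULA_PREFIXES):
        return "'" + cell
    return cell


def export_rows(rows, escape):
    """Write rows as CSV text, passing each cell through the given escape function.
    csv.writer handles quoting; quoting alone does not stop a spreadsheet from
    evaluating "=1+1" once the quotes are stripped on import."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([escape(str(cell)) for cell in row])
    return buf.getvalue()


def armed_cells(csv_text: str):
    """Parse the export back the way a spreadsheet would and return every cell
    that still starts with a formula trigger, i.e. every cell the filter missed."""
    return [
        cell
        for row in csv.reader(io.StringIO(csv_text))
        for cell in row
        if cell.startswith(FORMULA_PREFIXES)
    ]


# Constructed sample export (source string, translation), as a translation tool
# might produce it. The translations are benign formulas covering each trigger.
SAMPLE_ROWS = [
    ("source", "target"),
    ("Save", "=1+1"),        # caught by both filters
    ("Cancel", "+1+1"),      # bypasses the naive filter
    ("Close", "-1+1"),       # bypasses the naive filter
    ("Help", "@SUM(1,2)"),   # bypasses the naive filter
    ("Apply", "\t=1+1"),     # bypasses the naive filter
]


if __name__ == "__main__":
    print("naive filter leaves armed:", armed_cells(export_rows(SAMPLE_ROWS, naive_escape)))
    print("hardened filter leaves armed:", armed_cells(export_rows(SAMPLE_ROWS, hardened_escape)))
```

The check in armed_cells is the useful part for a reviewer: re-read the produced file with a CSV parser and confirm no cell still begins with a trigger, rather than trusting that the writer's quoting did the job.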
Content Spoofing in error message
Reported by: codertom | Severity: Low | Weakness: Violation of Secure Design Principles
Specify maximal length in new comment
Reported by: amsda | Severity: Low | Weakness: Violation of Secure Design Principles
Abuse of API that causes spamming of users and possible DoS due to missing rate limit
Reported by: khalidamin | Severity: Low
Existing sessions valid after removing third-party auth
Reported by: brdoors3 | Severity: Low | Weakness: Improper Authentication - Generic
Notify user about password change
Reported by: amsda | Severity: Low | Weakness: Improper Authentication - Generic
Open redirect in Signing in via Social Sites
Reported by: rajauzairabdullah | Severity: Medium | Weakness: Open Redirect
HTML injection and information disclosure in support panel
Reported by: xaleraf4ra | Severity: Medium | Weakness: Information Disclosure
Weblate | Security Misconfiguration | Method Enumeration Possible on domain
Reported by: sadhu16
Takeover of an account via reset password options after removing the account
Reported by: imran_hadid | Severity: Low | Weakness: Improper Authentication - Generic
OPTIONS method enabled
Reported by: hurthearts | Weakness: Violation of Secure Design Principles