WHO COVID-19 Mobile App - HackerOne Reports
Total Reports: 7
Critical: 0
High: 0
Medium: 4
Low: 2
Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users
Reported by: spaceraccoon | Disclosed:
Severity: Low
Weakness: Improper Input Validation
ArcGIS Rest Service linked to unsecured survey data
Reported by: y1ngxi0ng | Disclosed:
Severity: Medium
Weakness: Authentication Bypass Using an Alternate Path or Channel
DMARC and SPF records
Reported by: hackz-bhavin | Disclosed:
Severity: Medium
Internal API endpoint is accessible for everyone
Reported by: arnonymous | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Probably unexploitable XSS via Header Injection
Reported by: d0nut | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users
Reported by: humayunalikhan | Disclosed:
Severity: Medium
Weakness: Improper Input Validation
Error Page Text Injection (no compromise)
Reported by: spaced | Disclosed:
Weakness: Misconfiguration