X (Formerly Twitter) - HackerOne Reports
Total Reports: 164
Critical: 14
High: 24
Medium: 56
Low: 25
No Rate Limit in email leads to huge Mass mailings
Reported by:
trabajoduro_2
|
Disclosed:
Low
Weakness: Business Logic Errors
Persistent DOM-based XSS in https://help.twitter.com via localStorage
Reported by:
harisec
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
cookie injection allow dos attack to periscope.tv
Reported by:
protostar0
|
Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Bounty: $560.00
Periscope android app deeplink leads to CSRF in follow action
Reported by:
kunal94
|
Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $1540.00
Opportunity to obtain private tweets through search widget preview caches
Reported by:
csanuragjain
|
Disclosed:
Weakness: Business Logic Errors
Bounty: $1120.00
Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests
Reported by:
cris-staicu
|
Disclosed:
Medium
Weakness: Privacy Violation
CORS misconfig | Account Takeover
Reported by:
nahoragg
|
Disclosed:
High
Clickjacking Periscope.tv on Chrome
Reported by:
mishre
|
Disclosed:
Medium
Weakness: UI Redressing (Clickjacking)
Bounty: $560.00
[Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code
Reported by:
jlleitschuh
|
Disclosed:
High
Weakness: Cryptographic Issues - Generic
Bounty: $280.00
Periscope-all Firebase database takeover
Reported by:
deeptiman
|
Disclosed:
Critical
Weakness: Improper Access Control - Generic
XSS using javascript:alert(8007)
Reported by:
bains
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
Takeover of Twitter-owned domain at mobileapplinking.com
Reported by:
healdb
|
Disclosed:
Weakness: Business Logic Errors
Reset password without knowing current password
Reported by:
naategh
|
Disclosed:
Low
Weakness: Weak Password Recovery Mechanism for Forgotten Password
Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File
Reported by:
th0h0
|
Disclosed:
Medium
Weakness: Information Disclosure
Bounty: $1500.00
[CRITICAL] Full account takeover using CSRF
Reported by:
yipman
|
Disclosed:
High
Weakness: Cross-Site Request Forgery (CSRF)
File Upload XSS in image uploading of App in mopub
Reported by:
indoappsec
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect
Reported by:
rahulkankrale
|
Disclosed:
Critical
Weakness: Improper Access Control - Generic
CSRF and probable account takeover on https://www.niche.co
Reported by:
mik317
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
CSRF on https://www.niche.co leads to "account disconnection"
Reported by:
mik317
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ]
Reported by:
0xprial
|
Disclosed:
Critical
Weakness: Information Disclosure