X (Formerly Twitter) - HackerOne Reports
View on HackerOne

Total Reports: 164
Critical: 14
High: 24
Medium: 56
Low: 25
Reflected XSS in twitterflightschool.com
Reported by: jubabaghdad | Weakness: Cross-site Scripting (XSS) - Reflected

Able to see Twitter Circle tweets due to improper access control on the "FavoriteTweet" endpoint
Reported by: bugra | Severity: Medium | Weakness: Improper Access Control - Generic

XSS via referrer parameter
Reported by: keer0k | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

GitHub account hijack through broken link in developer.twitter.com
Reported by: milankatwal99 | Severity: High | Weakness: Phishing

HTTPS is not validating TLS MAC codes
Reported by: cy1337 | Weakness: Use of a Broken or Risky Cryptographic Algorithm

Listing of Amazon S3 bucket accessible to any Amazon-authenticated user (metrics.pscp.tv)
Reported by: segumarc | Weakness: Information Disclosure | Bounty: $140.00

Access MoPub Reports data even after the company removed you from their MoPub account
Reported by: suyog | Severity: High | Weakness: Information Disclosure

XXE on sms-be-vip.twitter.com in SXMP Processor
Reported by: joshbrodienz | Severity: Medium | Weakness: XML External Entities (XXE)

[Bypass fixed #664038 and #519059] Application settings change settings that have been set by the user
Reported by: jaka-tingkir | Severity: Medium | Weakness: Business Logic Errors

Bypassing Digits web authentication's host validation with HPP
Reported by: filedescriptor | Weakness: Improper Authentication - Generic

HTTP request smuggling in pscp.tv and periscope.tv
Reported by: protostar0 | Severity: High | Weakness: HTTP Request Smuggling | Bounty: $560.00

CSRF on Periscope Web OAuth authorization endpoint
Reported by: filedescriptor | Weakness: Cross-Site Request Forgery (CSRF)

Twitter Source Label allows 'mongolian vowel separator' U+180E (app name)
Reported by: lorenznickel | Severity: Low | Weakness: Phishing

Incorrect param parsing in Digits web authentication
Reported by: filedescriptor | Weakness: Improper Authentication - Generic

Ability to get Twitter Blue verified badge without purchasing it
Reported by: alp | Severity: Medium | Weakness: Business Logic Errors

Link-shortener bypass (regression on fix for #1032610)
Reported by: jub0bs | Severity: Medium | Weakness: Security Through Obscurity | Bounty: $560.00

Bypass t.co link shortener in Twitter direct messages
Reported by: iambouali | Severity: Low | Weakness: Business Logic Errors

ms5 debug page exposing internal info (internal IPs, headers)
Reported by: lukeberner | Severity: Medium | Weakness: Information Exposure Through Debug Information | Bounty: $280.00

CVE-2017-15277 on Profile page
Reported by: emitrani | Severity: Low | Weakness: Information Disclosure

Twitter ID exposure via error-based side-channel attack
Reported by: terjanq | Severity: Medium | Weakness: Privacy Violation | Bounty: $1470.00
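Two of the entries above ("Bypassing Digits web authentication's host validation with HPP" and "Incorrect param parsing in Digits web authentication") are classed under parameter parsing. The page gives only the titles, so the following is an added, generic illustration of the HTTP Parameter Pollution pattern those titles name, not the reports' own payloads or the Digits parameter names: a validator that reads the first copy of a duplicated query parameter while the component that acts on it reads the last copy, beside a strict version that rejects the duplicate outright. The parameter name "host", the allow-list and the sample query strings are all constructed for the example.

```python
from urllib.parse import parse_qs, parse_qsl

# Constructed allow-list for the example; a real service would load this
# from its registered-application configuration.
ALLOWED_HOSTS = {"example-app.com"}


def first_value_validator(query: str) -> bool:
    """Weak validator: parse_qs() keeps every duplicate, but this code only
    inspects the first 'host' value it finds."""
    params = parse_qs(query, keep_blank_values=True)
    host = params.get("host", [""])[0]
    return host in ALLOWED_HOSTS


def last_value_consumer(query: str) -> str:
    """Downstream consumer: dict(parse_qsl()) silently keeps the *last*
    duplicate, so it can act on a value the validator never saw."""
    params = dict(parse_qsl(query, keep_blank_values=True))
    return params.get("host", "")


def weak_flow(query: str):
    """Host the redirect would use under the split validator/consumer,
    or None if the validator rejected the request."""
    if not first_value_validator(query):
        return None
    return last_value_consumer(query)


def strict_flow(query: str):
    """Hardened flow: a security-relevant parameter must appear exactly once,
    and the same parsed value is both validated and used."""
    params = parse_qs(query, keep_blank_values=True)
    hosts = params.get("host", [])
    if len(hosts) != 1 or hosts[0] not in ALLOWED_HOSTS:
        return None
    return hosts[0]


# Constructed sample query strings: one benign, one with a polluted 'host'.
BENIGN = "host=example-app.com&state=abc"
POLLUTED = "host=example-app.com&host=attacker.example&state=abc"

if __name__ == "__main__":
    print("weak   benign  :", weak_flow(BENIGN))
    print("weak   polluted:", weak_flow(POLLUTED))
    print("strict benign  :", strict_flow(BENIGN))
    print("strict polluted:", strict_flow(POLLUTED))
```

The check that matters is the one in strict_flow: when a parameter decides an authentication or redirect outcome, count its occurrences and fail closed on anything other than one, because the first-versus-last choice differs between web frameworks, proxies and libraries, and any disagreement between the layer that validates and the layer that acts is exploitable.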
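The entry "Twitter Source Label allows 'mongolian vowel separator' U+180E (app name)", filed as Phishing, turns on an invisible code point being accepted in a user-supplied display label. The page records only the title and classification, so what follows is an added example of the input check a practitioner would want for such labels, not the report's or the platform's code: it flags U+180E and other zero-width or format characters, strips them to a canonical form, and detects a candidate name that would render identically to an existing one. The sample names and the helper functions are constructed for this example.

```python
import unicodedata

# Characters that render as nothing (or as ordinary whitespace) but are not
# a plain U+0020 space. U+180E is listed explicitly because its Unicode
# general category moved from Zs to Cf in Unicode 6.3, so a category-only
# check can miss it on runtimes with older Unicode tables.
EXPLICIT_INVISIBLES = {
    "\u180e",  # MONGOLIAN VOWEL SEPARATOR (the character named in the report)
    "\u200b",  # ZERO WIDTH SPACE
    "\u200c",  # ZERO WIDTH NON-JOINER
    "\u200d",  # ZERO WIDTH JOINER
    "\u2060",  # WORD JOINER
    "\ufeff",  # ZERO WIDTH NO-BREAK SPACE (BOM)
}


def invisible_chars(name):
    """Return a list of (index, 'U+XXXX') for every character that has no
    business in a human-readable label: explicit invisibles, format and
    control characters, private-use and unassigned code points, and any
    space-separator other than U+0020."""
    hits = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if (ch in EXPLICIT_INVISIBLES
                or cat in ("Cf", "Cc", "Co", "Cn")
                or (cat == "Zs" and ch != " ")):
            hits.append((i, "U+%04X" % ord(ch)))
    return hits


def normalize_display_name(name):
    """Canonical form used for uniqueness checks: NFKC-normalize, drop every
    flagged character, then collapse runs of whitespace."""
    normalized = unicodedata.normalize("NFKC", name)
    cleaned = "".join(ch for ch in normalized if not invisible_chars(ch))
    return " ".join(cleaned.split())


def is_acceptable_app_name(name):
    """Reject empty labels and any label carrying a flagged character."""
    return bool(name.strip()) and not invisible_chars(name)


def collides_with_existing(candidate, existing_names):
    """True if the candidate would look the same as an already-registered
    name once both are normalized and case-folded."""
    key = normalize_display_name(candidate).casefold()
    return any(normalize_display_name(e).casefold() == key for e in existing_names)


# Constructed sample input: a legitimate label and a look-alike that differs
# only by an embedded U+180E.
LEGIT = "Twitter for iPhone"
SPOOF = "Twitter\u180e for iPhone"

if __name__ == "__main__":
    print(invisible_chars(SPOOF))
    print(is_acceptable_app_name(SPOOF))
    print(collides_with_existing(SPOOF, [LEGIT]))
```

Both checks are needed: rejecting flagged characters stops the obvious cases, while the normalized-uniqueness comparison catches homoglyph and whitespace tricks that survive a character blocklist. Run the uniqueness check at registration time against the canonical form, and store the canonical form alongside the display string so later comparisons do not depend on the renderer.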