Yelp - HackerOne Reports
Total Reports: 73 | Critical: 3 | High: 5 | Medium: 18 | Low: 21
Privilege Escalation - A Non Owner User Who Does not Have access to the user management can invite other users to the restaurant page
Reported by: vijaysimha-reddy | Disclosed:
Low
Weakness: Improper Access Control - Generic
X.509 certificate validation fails on international vanity domains
Reported by: tk0 | Disclosed:
Weakness: Violation of Secure Design Principles
Content spoofing on yelp.onelogin
Reported by: japz | Disclosed:
Low
Weakness: Open Redirect
Nginx server version disclosure on engineeringblog
Reported by: japz | Disclosed:
Weakness: Information Disclosure
Unauthorized Reservation Cancellation Through IDOR Vulnerability
Reported by: no-need | Disclosed:
High
Weakness: Insecure Direct Object Reference (IDOR)
Robots.txt file with potentially sensitive content.
Reported by: ethack1886 | Disclosed:
Low
Weakness: Privacy Violation
CORS Misconfiguration on Yelp
Reported by: qualw1n | Disclosed:
Medium
Public Github Repo Leaking Internal Credentials
Reported by: xinfohuggerx | Disclosed:
Critical
ClickJacking in editing business name
Reported by: mohammad_obaid | Disclosed:
Low
Weakness: UI Redressing (Clickjacking)
I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)
Reported by: hk755a | Disclosed:
Critical
Weakness: Insecure Direct Object Reference (IDOR)
Unauthorized Use of Victim Credit Card
Reported by: hk755a | Disclosed:
Low
Weakness: Privacy Violation
No rate limit on subscribe form
Reported by: happykira0x1 | Disclosed:
Medium
Weakness: Business Logic Errors
Clickjacking lead to remove review
Reported by: mralaayousef | Disclosed:
Medium
Autofill/Autosave password on login
Reported by: ishwar-kumar-777 | Disclosed:
Medium
Weakness: Insufficiently Protected Credentials
CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card
Reported by: hk755a | Disclosed:
High
Weakness: Privacy Violation
xmlrpc file enabled
Reported by: happykira0x1 | Disclosed:
Low
Weakness: Information Disclosure
[Yelp Blog] Backslash in search string causes JS error
Reported by: denispugachev | Disclosed:
Weakness: Violation of Secure Design Principles
CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.
Reported by: hk755a | Disclosed:
Medium
Weakness: Improper Access Control - Generic
Subdomain Takeover on delivey.yelp.com
Reported by: racersaravanaa05 | Disclosed:
Low
Weakness: Phishing