Yelp - HackerOne Reports
Total Reports: 73 | Critical: 3 | High: 5 | Medium: 18 | Low: 21
Clickjacking @ Main Domain [www.yelp.com]
Reported by: h4ck3r0ne | Disclosed: | Severity: Low | Weakness: UI Redressing (Clickjacking)
X-Forwarded-For header allows bypassing access restrictions
Reported by: parzel | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Access to internal CMS containing private data
Reported by: nahamsec | Disclosed: | Weakness: Improper Authentication - Generic
Possible content spoofing due to missing error page
Reported by: pisarenko | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
ClickJacking
Reported by: jessepinkman | Disclosed: | Weakness: UI Redressing (Clickjacking)
yelp.com XSS ATO (via login keylogger, link Google account)
Reported by: lil_endian | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic
Multiple Vulnerabilities in (*.blog.yelp.com) - Leakage of user/admin sensitive information
Reported by: sourceflow | Disclosed: | Weakness: Business Logic Errors
Password field autocomplete enabled
Reported by: er_salil | Disclosed: | Severity: Medium | Weakness: Insecure Storage of Sensitive Information
Research papers on Yelp are getting indexed by Google bots
Reported by: us111 | Disclosed: | Weakness: Information Disclosure
Clickjacking: X-Frame-Options header missing
Reported by: vaxo | Disclosed: | Weakness: UI Redressing (Clickjacking)
Bypass the closing of the account and log in again to your account
Reported by: need_new_username_103 | Disclosed: | Weakness: Improper Authentication - Generic
Nginx server version disclosure on 404 page
Reported by: khizer47 | Disclosed: | Weakness: Information Disclosure
RCE on build server via misconfigured pip install
Reported by: alexbirsan | Disclosed: | Severity: Critical | Weakness: Download of Code Without Integrity Check
JDBC credentials leaked via GitHub
Reported by: walidhossain010 | Disclosed: | Weakness: Information Disclosure
PURGE is not authenticated
Reported by: rac_fckscty | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic
CSRF on signup endpoint (auto-api.yelp.com)
Reported by: denispugachev | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)
Direct access to tox.ini file which contains configuration details
Reported by: bxss_is_love | Disclosed: | Severity: Low | Weakness: Insecure Storage of Sensitive Information
Fraudulent claim of business
Reported by: ilpadrino | Disclosed: | Severity: High
Object-level access control flaw leads to reading users' full requests, sessions, and error messages
Reported by: mester_x | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Information disclosure - emails disclosed in response > staging.seatme.us
Reported by: quistertow | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)