Zendesk - HackerOne Reports
Total Reports: 29
Critical: 3
High: 5
Medium: 9
Low: 2
[status.zopim.com] Open Redirect
Reported by: bobrov | Disclosed:
Weakness: Open Redirect
Twitter SSO allows unverified e-mail registration, leads to Slack and social media hijacks
Reported by: intidc | Disclosed:
Critical
Weakness: Improper Authentication - Generic
Stored XSS in Draft Articles.
Reported by: harry_mg | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Stored Cross Site Scripting on Zendesk agent dashboard
Reported by: apfeifer27 | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
CSRF on developer.zendesk.com via Cache Deception
Reported by: imran0x01 | Disclosed:
Medium
Leaked artifactory_api_key via GitHub.
Reported by: rubyroobs | Disclosed:
Critical
Blind XSS via Suspended Ticket Recovery
Reported by: trimatra-sec | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Reflected
AWS S3 bucket writable for authenticated aws user
Reported by: dpgribkov | Disclosed:
Weakness: Improper Authentication - Generic
open redirect in <your_zendesk>.zendesk.com
Reported by: zombiehelp54 | Disclosed:
Weakness: Open Redirect
Unvalidated / Open Redirect
Reported by: securitythinker | Disclosed:
Medium
Weakness: Open Redirect
dom based xss in *.zendesk.com/external/zenbox/
Reported by: sergeym | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
Stored XSS in Macro Editing - Introduced by Admins to affect Admins
Reported by: hariharan-s | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
XSS with needed user intervention
Reported by: rotembar | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
Race Condition in Article "Helpful" Indicator
Reported by: cablej | Disclosed:
Admin Macro Description Stored XSS
Reported by: hariharan-s | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Remote code execution as root on [REDACTED]
Reported by: agarri_fr | Disclosed:
Weakness: Code Injection
SSRF issue in "URL target" allows [REDACTED]
Reported by: agarri_fr | Disclosed:
Weakness: Information Disclosure
Secret API Key Leakage via Query String
Reported by: kuyschi | Disclosed:
High
Weakness: Information Disclosure
Missing function level access controls allowing attacker to abuse file access controls. Multiple vulnerabilities
Reported by: abhijeth | Disclosed:
Weakness: Privilege Escalation
express config leaking stacktrace
Reported by: prbln | Disclosed:
Medium
Weakness: Information Disclosure
Page 1 of 2