Zendesk - HackerOne Reports
Total Reports: 29
Critical: 3
High: 5
Medium: 9
Low: 2

a stored xss in web widget chat
Reported by: securitythinker | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic

XSS in zendesk.com/product/
Reported by: virtualhunter | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

Privilege escalation - Support-Contributor to Support and Product Admin via `/api/v2/██████` . No ADMIN PRIVILEGE required.
Reported by: cybxis | Disclosed:
Severity: High
Weakness: Privilege Escalation

Android SDK - CREATE_REQUEST broadcast is unprotected
Reported by: bagipro | Disclosed:
Severity: Medium
Weakness: Information Disclosure

Leaked artifactory_key, artifactory_api_key, and gcloud refresh_token via GitHub.
Reported by: rubyroobs | Disclosed:
Severity: Critical

Error stack trace enabled
Reported by: 4lemon | Disclosed:
Weakness: Information Disclosure

"Test target" of the "HTTP target" extension can unintentionally send username and password in the Authorization header
Reported by: nathand | Disclosed:
Severity: Low
Weakness: Cleartext Transmission of Sensitive Information

Full Sub Domain Takeover at wx.zopim.net
Reported by: punkrock | Disclosed:
Severity: Medium

SMTP user enumeration via mail.zendesk.com
Reported by: geeknik | Disclosed:
Severity: Medium
Weakness: Information Disclosure