Zomato - HackerOne Reports
Total Reports: 110
Critical: 16
High: 17
Medium: 25
Low: 18
MailPoet Newsletters <= 2.7.2 - Authenticated Reflected Cross-Site Scripting (XSS)
Reported by: madrobot | Severity: High | Weakness: Cross-site Scripting (XSS) - Generic

XSS in flashmediaelement.swf (business-blog.zomato.com)
Reported by: madrobot | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic

[www.zomato.com] CORS Misconfiguration, could lead to disclosure of sensitive information
Reported by: ahd911 | Severity: Medium | Bounty: $550.00

Login to any account with the email address
Reported by: gerben_javado | Severity: High | Weakness: Improper Authentication - Generic | Bounty: $1000.00

Use any User to Follow you (Increase Followers) [IDOR]
Reported by: bountypls | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR) | Bounty: $50.00

Unauthorised Access to Anyone's User Account
Reported by: bhavukjain1 | Severity: Critical | Weakness: Improper Authentication - Generic

[www.zomato.com] Boolean SQLi - /█████.php
Reported by: gerben_javado | Weakness: SQL Injection | Bounty: $1000.00

Zomato Map server going out of memory while resizing map image
Reported by: mchinmoy | Weakness: Heap Overflow

Open Redirect On Your Login Panel
Reported by: chiraggupta8769- | Severity: Low | Weakness: Open Redirect

[www.zomato.com] Getting a complimentary dessert [Zomato Treats] on ordering a Meal at no cost
Reported by: harsh13 | Severity: Medium

Outdated MediaElement.js Reflected Cross-Site Scripting (XSS)
Reported by: mrtn | Weakness: Cross-site Scripting (XSS) - Generic

Able to manipulate order amount by removing cancellation amount and cause financial impact
Reported by: sjvino | Severity: High | Weakness: Business Logic Errors

Amazon S3 bucket misconfiguration (share)
Reported by: glc | Weakness: Improper Access Control - Generic

[www.zomato.com] Union SQLi + WAF Bypass
Reported by: gerben_javado | Weakness: SQL Injection | Bounty: $1000.00

[www.zomato.com] Blind SQL Injection in /php/geto2banner
Reported by: zzzhacker13 | Severity: Critical | Weakness: SQL Injection | Bounty: $2000.00

Blind XSS - Report review - Admin panel
Reported by: gerben_javado | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $350.00

Credentials leakage in public leads to viewing dev websites
Reported by: xsam | Severity: Low | Weakness: Information Disclosure

Reflected XSS on developers.zomato.com
Reported by: areizen | Severity: Low | Weakness: Cross-site Scripting (XSS) - Reflected | Bounty: $100.00

Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter
Reported by: 0xdekster | Severity: Low | Weakness: Violation of Secure Design Principles

Base alpha version code exposure
Reported by: cha5m | Weakness: Information Disclosure
Page 1 of 6