Top reports from HackerOne program at HackerOne:

  1. Account takeover via leaked session cookie to HackerOne - 1624 upvotes, $20000
  2. Confidential data of users and limited metadata of programs and reports accessible via GraphQL to HackerOne - 1028 upvotes, $0
  3. WannaCrypt “Killswitch” to HackerOne - 807 upvotes, $0
  4. Email address of any user can be queried on Report Invitation GraphQL type when username is known to HackerOne - 669 upvotes, $0
  5. The /reports/:id.json endpoint discloses potentially sensitive user attributes when reporter summary is present to HackerOne - 619 upvotes, $0
  6. Customer private program can disclose email any users through invited via username to HackerOne - 588 upvotes, $7500
  7. Server Side Request Forgery (SSRF) via Analytics Reports to HackerOne - 514 upvotes, $0
  8. profile-picture name parameter with large value lead to DoS for other users and programs on the platform to HackerOne - 474 upvotes, $0
  9. How the Bug stole hacking to HackerOne - 470 upvotes, $0
  10. June 2022 Incident Report to HackerOne - 423 upvotes, $0
  11. An attacker can view any hacker email via /SaveCollaboratorsMutation operation name to HackerOne - 422 upvotes, $12500
  12. Reflected XSS on www.hackerone.com and resources.hackerone.com to HackerOne - 386 upvotes, $500
  13. IDOR - Delete all Licenses and certifications from users account using CreateOrUpdateHackerCertification GraphQL query to HackerOne - 381 upvotes, $12500
  14. [CVE-2022-44268] Arbitrary Remote Leak via ImageMagick to HackerOne - 371 upvotes, $0
  15. Hackerone is not properly deleting user id to HackerOne - 355 upvotes, $0
  16. Partial disclosure of report activity through new "Export as .zip" feature to HackerOne - 353 upvotes, $10000
  17. Insecure Direct Object Reference (IDOR) - Delete Campaigns to HackerOne - 344 upvotes, $0
  18. Attachment disclosure via summary report to HackerOne - 332 upvotes, $0
  19. Getting New Invitations without Leaving Programs to HackerOne - 321 upvotes, $0
  20. An attacker can archive and unarchive any structured scope object on HackerOne to HackerOne - 317 upvotes, $0
  21. Information Disclosure in /skills call to HackerOne - 284 upvotes, $10000
  22. Disclosing PolicyPageAssetGroup in Private Programs via /graphql gid://hackerone/PolicyPageAssetGroupsIndex::PolicyPageAssetGroup/{id} to HackerOne - 279 upvotes, $25000
  23. Internal attachments can be exported via "Export as .zip" feature to HackerOne - 267 upvotes, $12500
  24. Team member with Program permission only can escalate to Admin permission to HackerOne - 267 upvotes, $0
  25. Denial of service via cache poisoning to HackerOne - 253 upvotes, $2500
  26. Insecure Direct Object Reference (IDOR) Allows Viewing Private Report Details via /bugs.json Endpoint to HackerOne - 252 upvotes, $0
  27. View Titles of Private Reports with pending email invitation to HackerOne - 249 upvotes, $0
  28. Race condition in performing retest allows duplicated payments to HackerOne - 237 upvotes, $0
  29. Cross-site Scripting (XSS) on HackerOne careers page to HackerOne - 236 upvotes, $500
  30. Reflected XSS on www.hackerone.com via Wistia embed code to HackerOne - 236 upvotes, $500
  31. Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack to HackerOne - 227 upvotes, $0
  32. HackerOne SAML signup domain enforcement bypass results in unauthorized access to HackerOne PullRequest organization to HackerOne - 224 upvotes, $0
  33. Account takeover of existing HackerOne accounts through SCIM provisioning to HackerOne - 224 upvotes, $0
  34. Internal Access to Hackerone confluence Docs to HackerOne - 222 upvotes, $12500
  35. Public GitHub repositories for multiple HackerOne managed triage team profiles contain private HackerOne reports information to HackerOne - 222 upvotes, $2700
  36. Google Docs link in JS files allows editing & reading survey information to HackerOne - 215 upvotes, $0
  37. Manipulate hacker profile and private program hacktivity to expose your name as researchers who is actively submitting reports with resolve status to HackerOne - 213 upvotes, $500
  38. Uploading large payload on domain instructions causes server-side DoS to HackerOne - 207 upvotes, $2500
  39. HackerOne Jira integration plugin Leaked JWT to unauthorized jira users to HackerOne - 206 upvotes, $3000
  40. DOM Based XSS in www.hackerone.com via PostMessage to HackerOne - 206 upvotes, $500
  41. Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form to HackerOne - 204 upvotes, $10000
  42. IDOR vulnerability in unreleased HackerOne Copilot feature to HackerOne - 204 upvotes, $0
  43. HackerOne making payments in USDC (Coinbase stable coin) to HackerOne - 201 upvotes, $0
  44. 2020-10-09 Credential Stuffing Attack to HackerOne - 195 upvotes, $0
  45. An invite-only's program submission state is accessible to users no longer part of the program to HackerOne - 194 upvotes, $500
  46. Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos to HackerOne - 194 upvotes, $0
  47. Unauthorized access to metadata of undisclosed reports that were retested to HackerOne - 188 upvotes, $0
  48. Markdown parsing issue enables insertion of malicious tags and event handlers to HackerOne - 184 upvotes, $5000
  49. adding h1_analyst_* to username for normal users to HackerOne - 184 upvotes, $500
  50. Disclosure of payment_transactions for programs via GraphQL query to HackerOne - 176 upvotes, $0
  51. Account creation with invalid email addresses / email is accepting % and %0d%0a line termination chars to HackerOne - 173 upvotes, $3750
  52. SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter to HackerOne - 172 upvotes, $0
  53. 404-response contains debug-information with all headers to HackerOne - 170 upvotes, $0
  54. Total Paid Bounty Paid can be disclose to HackerOne - 168 upvotes, $500
  55. IDOR Vulnerability at AddTagToAssets operation name to HackerOne - 167 upvotes, $0
  56. RXSS at image.hackerone.live via the url parameter to HackerOne - 166 upvotes, $500
  57. Improper CSRF token validation allows attackers to access victim's accounts linked to Hackerone to HackerOne - 163 upvotes, $0
  58. Web Authentication Endpoint Credentials Brute-Force Vulnerability to HackerOne - 160 upvotes, $0
  59. Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint to HackerOne - 160 upvotes, $0
  60. DOS via Mutation Aliasing in GraphQL Account Recovery Phone Number Verification API to HackerOne - 158 upvotes, $12500
  61. IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier to HackerOne - 155 upvotes, $2500
  62. Hacker.One Subdomain Takeover to HackerOne - 154 upvotes, $0
  63. LLM01: Invisible Prompt Injection to HackerOne - 154 upvotes, $0
  64. Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP to HackerOne - 152 upvotes, $0
  65. Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com to HackerOne - 152 upvotes, $0
  66. Hackerone supports accounts organization takeover to HackerOne - 150 upvotes, $2500
  67. Race Condition leads to undeletable group member to HackerOne - 150 upvotes, $0
  68. [ Spot Check ] Team members can edit a user's write-up to HackerOne - 148 upvotes, $0
  69. Slack integration setup lacks CSRF protection to HackerOne - 146 upvotes, $2500
  70. Stored XSS in IE11 on hackerone.com via custom fields to HackerOne - 146 upvotes, $0
  71. Banned user still has access to their deleted account via HackerOne's API using their API key to HackerOne - 146 upvotes, $0
  72. Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report to HackerOne - 145 upvotes, $3000
  73. Team object in GraphQL disclosed private_comment to HackerOne - 144 upvotes, $2500
  74. h1-202 leaderboard photo discloses local wifi password to HackerOne - 144 upvotes, $0
  75. Unauthorized user can obtain report_sources attribute through Team GraphQL object to HackerOne - 141 upvotes, $2500
  76. Blind SSRF on errors.hackerone.net due to Sentry misconfiguration to HackerOne - 140 upvotes, $3500
  77. Banned researcher gets email updates on a private program. to HackerOne - 139 upvotes, $0
  78. Private program disclosure via vpn_suspended GraphQL query to HackerOne - 137 upvotes, $2500
  79. Disclose any user's private email through API to HackerOne - 137 upvotes, $0
  80. Payload delivery via Social Media urls on H1 profile to HackerOne - 136 upvotes, $0
  81. Subdomain takeover at info.hacker.one to HackerOne - 134 upvotes, $0
  82. Bypassing HackerOne 2FA due to race condition to HackerOne - 134 upvotes, $0
  83. Takeover of hackerone.engineering via Github to HackerOne - 133 upvotes, $0
  84. Server Side Request Forgery (SSRF) in webhook functionality to HackerOne - 131 upvotes, $2500
  85. Disclosure handle private program with external link to HackerOne - 128 upvotes, $2500
  86. Content spoofing and potential Cross-Site Scripting vulnerability on www.hackerone.com to HackerOne - 128 upvotes, $0
  87. Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible to HackerOne - 127 upvotes, $0
  88. Race Conditions in Popular reports feature. to HackerOne - 124 upvotes, $0
  89. Stored XSS on www.hackerone.com due to deleted S3-bucket from old page_widget to HackerOne - 122 upvotes, $0
  90. Ability to access policy and updates for unauthorized program to HackerOne - 122 upvotes, $0
  91. Internal Gitlab Ticket Disclosure via External Slack Channels to HackerOne - 118 upvotes, $0
  92. Leaked H1's Employees Email addresses,meeting info on private bug bounty program ████████ to HackerOne - 118 upvotes, $0
  93. Any user could upload attachments to pentest scoping form they don't have access to to HackerOne - 118 upvotes, $0
  94. @wearehackerone.com is vulnerable to namespace attacks due to hackerone.com not being RFC2142 compliant. to HackerOne - 117 upvotes, $0
  95. Account recovery text message is sending a wrong domain to users. to HackerOne - 117 upvotes, $0
  96. Lack of Validation in Reward Redemption Allows Unlimited Burp Suite License Abuse to HackerOne - 114 upvotes, $0
  97. Emails of invited collaborators are disclosed in full in payload for report participants to HackerOne - 111 upvotes, $0
  98. ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages to HackerOne - 111 upvotes, $0
  99. Recently added 'Country' field doesn't send email notification when changed to HackerOne - 108 upvotes, $0
  100. Ability to identify actual private from sandboxed programs using link hackerone.com/$handle/terms_acceptance_data.csv to HackerOne - 107 upvotes, $500
  101. GraphQL field on Team node can be used to determine if External Program runs invite-only program to HackerOne - 106 upvotes, $2500
  102. DOM Based XSS in www.hackerone.com via PostMessage (bypass of #398054) to HackerOne - 106 upvotes, $0
  103. [Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content" to HackerOne - 104 upvotes, $500
  104. Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature to HackerOne - 103 upvotes, $2500
  105. [IDOR] Improper Access Control on Embedded Submission Form to HackerOne - 103 upvotes, $2500
  106. Blind XSS in app.pullrequest.com/████████ via /reviews/ratings/{uuid} to HackerOne - 102 upvotes, $0
  107. Banned user still able to invited to reports as a collaborator and reset the password to HackerOne - 102 upvotes, $0
  108. Access Control Vulnerability Enabling Unauthorized Access to Limited Disclosure Reports to HackerOne - 101 upvotes, $0
  109. Program Member Could Duplicate Report To A Non Related Program Original Report to HackerOne - 101 upvotes, $0
  110. Creation of bounties through Customer API leads to private email disclosure to HackerOne - 98 upvotes, $0
  111. Attacker with an Old account might still be able to DoS ctf.hacker101.com by sending a Crafted request to HackerOne - 97 upvotes, $0
  112. How the Arch Angel stole Live Events to HackerOne - 97 upvotes, $0
  113. New Hacktivity features:Bounty rewards leakage Where programs doesn’t decide to disclose bounty in limited disclosure report to HackerOne - 96 upvotes, $0
  114. Subdomain takeover of resources.hackerone.com to HackerOne - 94 upvotes, $500
  115. Reading redacted data via hackbot's answers to HackerOne - 93 upvotes, $1500
  116. Password not checked when disabling 2FA on HackerOne to HackerOne - 93 upvotes, $0
  117. Race Condition in Flag Submission to HackerOne - 93 upvotes, $0
  118. Team object in GraphQL disclosed total number of whitelisted hackers to HackerOne - 92 upvotes, $2500
  119. An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed to HackerOne - 91 upvotes, $0
  120. Cloud Computer Hackerone Triager can be Accessible for everyone [h1_analyst_lucas+view@wearehackerone.com] computer to HackerOne - 91 upvotes, $0
  121. A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately to HackerOne - 90 upvotes, $2500
  122. Confirmed #2118458: Intentional redirect from www.hackerone.com to domain which is up for sale to HackerOne - 90 upvotes, $0
  123. Security@ email forwarding and Embedded Submission drafts can be used to obtain copy of deleted attachments from other HackerOne users to HackerOne - 89 upvotes, $0
  124. Bypass report submit restriction/ban using the API key to HackerOne - 88 upvotes, $0
  125. SQL Injection in CVE Discovery Search to HackerOne - 85 upvotes, $0
  126. Scope information is leaked when visiting policy scopes tab of any External Program to HackerOne - 85 upvotes, $0
  127. Able to Create Testimonials for myself using Sandbox to HackerOne - 84 upvotes, $2500
  128. "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics to HackerOne - 84 upvotes, $500
  129. Unauthenticated user can upload an attachment to the last updated report draft to HackerOne - 84 upvotes, $0
  130. HTML Injection in email via Name field to HackerOne - 84 upvotes, $0
  131. Triager/Team members can edit hacker's report and hacker is not even notified to HackerOne - 83 upvotes, $2500
  132. Blind Stored XSS in HackerOne's Sal 4.1.4.2149 (sal.████.com) to HackerOne - 83 upvotes, $0
  133. Denial Of Service (Out Of Memory) on Updating Bounty Table [Urgent] to HackerOne - 83 upvotes, $0
  134. Login CSRF vulnerability on hackerone.com to HackerOne - 82 upvotes, $500
  135. Some limited confidential information can still be accessed after a user exits a private program to HackerOne - 82 upvotes, $50
  136. Draft report exposure via slack alerting system for programs to HackerOne - 81 upvotes, $2500
  137. Improper UUID validation results in bypass of #419896 to HackerOne - 81 upvotes, $0
  138. Private information exposed through GraphQL filters to HackerOne - 81 upvotes, $0
  139. [hackerone.com] Program's old handles are not blacklisted like usernames and allows reclaim over past handles for potential abuse to HackerOne - 81 upvotes, $0
  140. Possible PII Disclosure via Advanced Vetting Process - ██████ to HackerOne - 80 upvotes, $2500
  141. Bypass of #2035332 RXSS at image.hackerone.live via the url parameter to HackerOne - 80 upvotes, $0
  142. Domain highlighting on External link warning is not working on Chrome & Microsoft Edge browsers on Mobile to HackerOne - 80 upvotes, $0
  143. latest_activity_id and latest_activity_at may disclose information about internal activities to unauthorized users to HackerOne - 79 upvotes, $0
  144. Program admins could add verified domains to an organization to HackerOne - 79 upvotes, $0
  145. [Spot Check] - Ability to disclose metadata about Spot Checks (Number of Hackers + Hackers Criteria) via "SpotCheckSingleQuery" to HackerOne - 79 upvotes, $0
  146. Subdomain takeover #2 at info.hacker.one to HackerOne - 78 upvotes, $0
  147. Any one can view collaborator email address via path /reports/<id>/participants to HackerOne - 78 upvotes, $0
  148. HackerOne Undisclosed Report Leak via PoC of Full Disclosure on Hacktivity to HackerOne - 77 upvotes, $500
  149. IDOR on HackerOne Feedback Review to HackerOne - 77 upvotes, $0
  150. inviting collaborator using email disclose the hackerone account related to the user to HackerOne - 77 upvotes, $0
  151. Near to Infinite loop when changing Group's name that has API token as Team Member to HackerOne - 76 upvotes, $2500
  152. A HackerOne employee's GitHub personal access token exposed in Travis CI build logs to HackerOne - 75 upvotes, $2000
  153. Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?) to HackerOne - 75 upvotes, $0
  154. Reporter, external users, collaborators can mark sent swag awarded to reporter as unsent to HackerOne - 75 upvotes, $0
  155. Any organization's assets pending review can be downloaded to HackerOne - 75 upvotes, $0
  156. Team object in GraphQL discloses team group names and permissions to HackerOne - 74 upvotes, $2500
  157. Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted to HackerOne - 74 upvotes, $500
  158. Usernames still visible on report export pdf despite "I want to redact all usernames" is selected to HackerOne - 74 upvotes, $500
  159. Asset Inventory Internal Descriptions are leaked in CSV export to HackerOne - 74 upvotes, $0
  160. Access to limited confidential information of private program as a Ex-reporter, Report Participant(external user) & Ex-staff member to HackerOne - 74 upvotes, $0
  161. Validation message in Bounty award endpoint can be used to determine program balances to HackerOne - 73 upvotes, $0
  162. Team object in GraphQL disclosed of private programs via the industry to HackerOne - 72 upvotes, $500
  163. Race condition leads to duplicate payouts to HackerOne - 72 upvotes, $0
  164. The request tells the number of private programs, the new system of authorization /invite/token to HackerOne - 71 upvotes, $2000
  165. The hacker has access to the administrative part of the management reports in publish report to HackerOne - 71 upvotes, $500
  166. Race condition in joining CTF group to HackerOne - 71 upvotes, $500
  167. Homograph fix Bypass to HackerOne - 71 upvotes, $0
  168. Potential stored Cross-Site Scripting vulnerability in Support Backend to HackerOne - 71 upvotes, $0
  169. Being able to disclose IBB bounty table of any public program to HackerOne - 71 upvotes, $0
  170. Making program preference -> program visibility feature useless and disclosing API Identifier in the progress and data that may cause potential IDORS. to HackerOne - 70 upvotes, $0
  171. Deprecated Hacker101 coursework repository mentions Heroku App that is susceptible to takeover to HackerOne - 68 upvotes, $500
  172. Private data related to program exposed via /reports/<id>.json endpoint to external user participant to HackerOne - 68 upvotes, $0
  173. Inline banner on Report page discloses whether organization runs a private program to HackerOne - 67 upvotes, $500
  174. Non Org Admin/Group Manager can create groups in an organization to HackerOne - 67 upvotes, $0
  175. Pixel flood attack to HackerOne - 66 upvotes, $500
  176. IDOR in Report CSV export discloses the IDs of Custom Field Attributes of Programs to HackerOne - 66 upvotes, $0
  177. Attachment object in GraphQL continues to grant access to files, even if they are removed from rendering to HackerOne - 66 upvotes, $0
  178. Bypassing the victim's phone number OTP in the account recovery process on the https://hackerone.com/settings/auth/setup_account_recovery to HackerOne - 66 upvotes, $0
  179. HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms to HackerOne - 65 upvotes, $0
  180. Residual Malicious Payloads on HackerOne after Vulnerability Fixes to HackerOne - 65 upvotes, $0
  181. Program metrics disclosed response_efficiency_percentage via /program_name json response despite the team decided not to show on their profile to HackerOne - 64 upvotes, $2500
  182. Partial report contents leakage - via HTTP/2 concurrent stream handling to HackerOne - 64 upvotes, $2500
  183. Private program disclosure of ██████████ through notifications to HackerOne - 64 upvotes, $500
  184. Any user with access to program can resume and suspend HackerOne Gateway to HackerOne - 64 upvotes, $0
  185. Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission to HackerOne - 64 upvotes, $0
  186. Hackers can find out the ID of private programs to HackerOne - 64 upvotes, $0
  187. Private draft report exposure in a program a user is added as a viewer to to HackerOne - 63 upvotes, $2500
  188. Minor security issue with Hackerone Invitations from sandbox program to HackerOne - 63 upvotes, $0
  189. Disclosure of Email title report in quick award payout email (no content mode) to HackerOne - 62 upvotes, $500
  190. LLM03: Training Data Poisoning via ASCII decoding to HackerOne - 62 upvotes, $0
  191. "package_name" can be set as desired when submitting a Pentest Opportunity form to HackerOne - 62 upvotes, $0
  192. Query parameter reordering causes redirect page to render unsafe URL to HackerOne - 61 upvotes, $1500
  193. Parameter pollution in social sharing buttons to HackerOne - 61 upvotes, $500
  194. HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information to HackerOne - 60 upvotes, $0
  195. TeamProfile exposes partially sensitive information through GraphQL to HackerOne - 60 upvotes, $0
  196. Takeover of hackerone.engineering via Medium to HackerOne - 60 upvotes, $0
  197. Report Private Links Leaks to Google Analytics via Query String Param to HackerOne - 59 upvotes, $0
  198. Unauthenticated users can obtain information about Checklist objects with unclaimed ChecklistCheck objects to HackerOne - 59 upvotes, $0
  199. View any user email using the Team's audit log section to HackerOne - 59 upvotes, $0
  200. Inadequate redaction exposes sensitive information via the “ShareReportViaEmail" GraphQL endpoint to HackerOne - 59 upvotes, $0
  201. Subdomain takeover #3 at info.hacker.one to HackerOne - 58 upvotes, $0
  202. Team object exposes amount of participants in a private program to non-invited users to HackerOne - 58 upvotes, $0
  203. Stored XSS on https://events.hackerone.com to HackerOne - 58 upvotes, $0
  204. HackerOne Staging uses Production data for testing to HackerOne - 58 upvotes, $0
  205. Private program policy page still accessible after user left the program to HackerOne - 57 upvotes, $2500
  206. Invalid Host detection at https://hackerone.com/redirect to HackerOne - 57 upvotes, $0
  207. Private program name disclosure in the invitation mail for another program to HackerOne - 57 upvotes, $0
  208. Changing the 2FA secret key and backup codes without knowing the 2FA OTP to HackerOne - 56 upvotes, $0
  209. Email Forwarding invitations for Drafts are not marked as accepted, allowing multiple users to join a program after disabling Email Forwarding to HackerOne - 54 upvotes, $500
  210. Open Redirect on http://events.hackerone.com/redirect?url=https://naglinagli.github.io to HackerOne - 54 upvotes, $0
  211. 2M Reports on HackerOne Celebration! - Ability to bulk-submit many reports. to HackerOne - 54 upvotes, $0
  212. Register & create a ticket as somebody else on HackerOne Support to HackerOne - 54 upvotes, $0
  213. New Search Feature: Search for non-public words in limited disclosure reports to HackerOne - 54 upvotes, $0
  214. Open Redirection in index.php page to HackerOne - 53 upvotes, $0
  215. Embedded submission form UUIDs can be enumerated through GraphQL node interface, exposing sensitive program details to HackerOne - 53 upvotes, $0
  216. Race condition in claiming program credentials to HackerOne - 53 upvotes, $0
  217. Organization members can delete reports in teams they have no access to to HackerOne - 53 upvotes, $0
  218. Hacker email disclosed on submission at hackerone Hacktivity to HackerOne - 52 upvotes, $100
  219. Extra program metrics disclosed via /PROGRAM_NAME json response to HackerOne - 51 upvotes, $0
  220. GIF flooding to HackerOne - 50 upvotes, $250
  221. Websites opened from reports can change url of report page to HackerOne - 50 upvotes, $0
  222. Subdomain takeover #4 at info.hacker.one to HackerOne - 50 upvotes, $0
  223. Total bounties paid amount is disclosed because of redesign of the Program Profiles to HackerOne - 50 upvotes, $0
  224. New link opening method makes hackerone vulnerable to tabnabbing to HackerOne - 50 upvotes, $0
  225. Program managers can see draft reports using Export Reports feature to HackerOne - 50 upvotes, $0
  226. Staff and Triage can modify the initial post of a report, including of already disclosed reports to HackerOne - 49 upvotes, $0
  227. Real impersonation to HackerOne - 48 upvotes, $0
  228. Missing SPF for hackerone.com to HackerOne - 48 upvotes, $0
  229. View HackerOne challenge scope before challenge begins to HackerOne - 48 upvotes, $0
  230. Attachment in published HackerOne report exposure private program to HackerOne - 48 upvotes, $0
  231. Response program can display "eligible for bounty" in scope area in program policy to HackerOne - 47 upvotes, $500
  232. Domain spoofing in redirect page using RTLO to HackerOne - 47 upvotes, $0
  233. Custom Field Attributes may be created and updated for customers with Custom Field Trial enabled to HackerOne - 47 upvotes, $0
  234. information disclosure of another company bug on video. to HackerOne - 47 upvotes, $0
  235. Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session to HackerOne - 46 upvotes, $500
  236. Disclosure of the name of a program that has a private part with an external link to HackerOne - 46 upvotes, $500
  237. Adding or removing a new non-preferred payout method does not trigger an e-mail or account notification to HackerOne - 46 upvotes, $0
  238. "Bounty splitting enabled" can discloses if public VDPs are running private VRP to HackerOne - 46 upvotes, $0
  239. Report Duplicate Detector can match deleted and draft reports, may disclose title and vulnerability information to HackerOne - 46 upvotes, $0
  240. Bypass comment restriction to HackerOne - 46 upvotes, $0
  241. Hacktivity of a private program visible to banned user if he gets invited to a program by hackbot to HackerOne - 45 upvotes, $500
  242. Response program can create bounty table to HackerOne - 45 upvotes, $500
  243. Content Security Policy not applied to error pages at multiple HackerOne endpoints to HackerOne - 45 upvotes, $0
  244. ImageMagick GIF coder vulnerability leading to memory disclosure to HackerOne - 44 upvotes, $500
  245. Repeated mediation requests and multiple emails possible on a report. to HackerOne - 44 upvotes, $500
  246. Disclosing a private program in an external link if program is paused to HackerOne - 44 upvotes, $500
  247. Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com to HackerOne - 44 upvotes, $0
  248. Hogging up all the resources on hackerone.com to HackerOne - 44 upvotes, $0
  249. API Last Request Date/Time Not Updating to HackerOne - 44 upvotes, $0
  250. Ability to invite a new member on Sandbox Program to HackerOne - 44 upvotes, $0
  251. Two factor authentication bypass to HackerOne - 44 upvotes, $0
  252. Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based" to HackerOne - 43 upvotes, $2500
  253. HackerOne support disclosing report state without checking user identity to HackerOne - 43 upvotes, $500
  254. Upload profile photo from URL to HackerOne - 43 upvotes, $0
  255. (HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation to HackerOne - 43 upvotes, $0
  256. Hackers two email disclosed on submission at hackerone Hacktivity to HackerOne - 43 upvotes, $0
  257. IE 11 Self-XSS on Jira Integration Preview Base Link to HackerOne - 42 upvotes, $750
  258. User login page doesn't implement any form of rate limiting to HackerOne - 42 upvotes, $0
  259. GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend to HackerOne - 42 upvotes, $0
  260. User with privilege to maintain External Programs can update certain churned HackerOne programs to HackerOne - 41 upvotes, $500
  261. Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs to HackerOne - 41 upvotes, $500
  262. DNS Cache Poisoning to HackerOne - 41 upvotes, $100
  263. AWS S3 bucket writeable for authenticated aws users to HackerOne - 41 upvotes, $0
  264. Disclosure of top 10 vulnerability types for programs that haven't enabled the Insights feature to HackerOne - 41 upvotes, $0
  265. The possibility of disrupting the normal operation of frontend using markdown to HackerOne - 41 upvotes, $0
  266. Path traversal leading to limited CSRF on GET requests on two endpoints to HackerOne - 40 upvotes, $0
  267. HTML injection in email at https://www.hackerone.com/ to HackerOne - 40 upvotes, $0
  268. Report invitation links not restricted to any existing user to HackerOne - 39 upvotes, $500
  269. Private program disclosure through notifications to HackerOne - 39 upvotes, $500
  270. Team object in GraphQL that have a published external program may expose existence of a private program to HackerOne - 39 upvotes, $0
  271. Open redirect vulnerability in index.php to HackerOne - 39 upvotes, $0
  272. Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264 to HackerOne - 39 upvotes, $0
  273. Private program email forwarding response invitation not expire after first use. to HackerOne - 38 upvotes, $0
  274. Common response suggestion is sent to Google Analytics when user accepts duplicate comment Genius suggestion to HackerOne - 37 upvotes, $500
  275. Ability to bulk submit reports via query named based batching to HackerOne - 37 upvotes, $500
  276. HackerOne reports escalation to JIRA is CSRF vulnerable to HackerOne - 36 upvotes, $500
  277. HackerOne Integrations Design Issue to HackerOne - 36 upvotes, $500
  278. Invitation token leaks to https://bat.bing.com to HackerOne - 36 upvotes, $0
  279. User's who are banned from program can still be invited to the new reports as collaborators to HackerOne - 36 upvotes, $0
  280. Business Logic error leads to bypass 2FA requirement to HackerOne - 36 upvotes, $0
  281. Changing Victim's JIRA Integration Settings Through Multiple Bugs to HackerOne - 35 upvotes, $1000
  282. Information leakage of private program to HackerOne - 35 upvotes, $500
  283. Updating payout preference to CurrencyCloud doesn't notify user via email to HackerOne - 35 upvotes, $500
  284. [Bypass] Ability to invite a new member in sandbox Organization to HackerOne - 35 upvotes, $0
  285. CSP not consistently applied to HackerOne - 34 upvotes, $0
  286. Broken Authentication and session management OWASP A2 to HackerOne - 34 upvotes, $0
  287. Accidental Access to Programs Information via SAML Login to HackerOne - 34 upvotes, $0
  288. Timing attack towards endpoints on the web without CSRF to HackerOne - 33 upvotes, $0
  289. Open Redirection in [https://www.hackerone.com/index.php] to HackerOne - 33 upvotes, $0
  290. Program Email Notification settings ignored when being added as an external contributor to HackerOne - 33 upvotes, $0
  291. Lack warning label when receiving a letter to HackerOne - 33 upvotes, $0
  292. View Any Program's Team Members through GET https://hackerone.com/invitations/ to HackerOne - 32 upvotes, $1000
  293. RCE in profile picture upload to HackerOne - 32 upvotes, $0
  294. Invitation tokens leak to Google Analytics to HackerOne - 32 upvotes, $0
  295. IDOR on Program Visibility (Revealed / Concealed) against other team members to HackerOne - 32 upvotes, $0
  296. Internal usage of AdBlockPlus may expose PoC URLs to unknown third-parties to HackerOne - 32 upvotes, $0
  297. Attacker can claim credentials for private program that has a published external program to HackerOne - 32 upvotes, $0
  298. IDOR in Bugs overview enables attacker to determine the date range a hackathon was active to HackerOne - 32 upvotes, $0
  299. Reflected XSS and possible SSRF/XXE on https://events.hackerone.com/conferences/get_recording_slides_xml.xml?url=myserver/xss.xml to HackerOne - 32 upvotes, $0
  300. Hackers can reveal the names of private programs that have an external link and Enterprise Product Edition to HackerOne - 32 upvotes, $0
  301. Private information exposed through GraphQL search endpoints aggregates to HackerOne - 32 upvotes, $0
  302. Two-factor authentication bypass lead to information disclosure about the program and all hackers participate to HackerOne - 32 upvotes, $0
  303. Issue with VDP Program's Transition to Private Status and Missing Warning Labels on ORG Invitation to HackerOne - 32 upvotes, $0
  304. Internal machine learning API endpoint for CWE classification is vulnerable to path traversal to HackerOne - 31 upvotes, $0
  305. Reset the 2FA of the user which can lead to Account Takeover to HackerOne - 31 upvotes, $0
  306. Reports submitted by a non 2fa setupped user account can be transferred to a 2fa require submission program to HackerOne - 31 upvotes, $0
  307. Non-secure requests are not automatically upgraded to HTTPS to HackerOne - 30 upvotes, $0
  308. Blind SSRF in "Integrations" by abusing a bug in Ruby's native resolver. to HackerOne - 30 upvotes, $0
  309. CSRF at [Apply to this program] that lead to submit your request automatic with out any validations to HackerOne - 30 upvotes, $0
  310. A small set of users were assigned someone else's payout preference to HackerOne - 30 upvotes, $0
  311. HackerOne Pentesters can access any structured scope object through GraphQL node interface to HackerOne - 30 upvotes, $0
  312. Read-only team members can read all properties of webhooks to HackerOne - 30 upvotes, $0
  313. A team member of the program with Report rights can ban the Admin to HackerOne - 30 upvotes, $0
  314. Information disclosure - Feedback is accessible on Public profile even after 'disallowed' at https://hackerone.com/settings/feedback to HackerOne - 30 upvotes, $0
  315. Submitting report through Embedded Submission form gives user indefinite access to a profile to HackerOne - 29 upvotes, $500
  316. Dangling cloud instance at vpn.inverselink.com to HackerOne - 29 upvotes, $500
  317. Information leakage via CSV when content is valid JavaScript to HackerOne - 29 upvotes, $0
  318. Program profile metrics endpoint contains mean time to triage, even when turned off to HackerOne - 29 upvotes, $0
  319. Disclosure of h1 challenges name through the calendar to HackerOne - 29 upvotes, $0
  320. Editing Pentest Summary Report Answers After Submitting Them to HackerOne - 29 upvotes, $0
  321. Hacker can bypass minimum bounty amount restrictions in "invitation preferences" setting via UpdateInvitationPreferencesMutation GraphQL operation to HackerOne - 29 upvotes, $0
  322. Attachment references in markdown don't warn before downloading to HackerOne - 29 upvotes, $0
  323. Ability to escape database transaction through SQL injection, leading to arbitrary code execution to HackerOne - 29 upvotes, $0
  324. Private invitation links/tokens leak to third-party analytics site to HackerOne - 28 upvotes, $500
  325. Can read features from any user to HackerOne - 28 upvotes, $250
  326. Improper Authentication - 2FA OTP Reusable to HackerOne - 28 upvotes, $0
  327. 2FA Bypass via Leaked Cookies to HackerOne - 28 upvotes, $0
  328. Session Not Expire / 2FA Bypass to HackerOne - 28 upvotes, $0
  329. Program profile_metrics.json contains time to triage for deptofdefense even it's turned off to HackerOne - 27 upvotes, $250
  330. Email spoofing to HackerOne - 27 upvotes, $0
  331. Interstitial redirect bypass / open redirect in https://hackerone.com/zendesk_session to HackerOne - 27 upvotes, $0
  332. Report redaction doesn't apply to report title update activities to HackerOne - 27 upvotes, $0
  333. Able To Check The Exact Bounty Balance of any Bug Bounty Program to HackerOne - 27 upvotes, $0
  334. A user can request a report to be retested even though the program has not been verified by HackerOne to HackerOne - 27 upvotes, $0
  335. Bypassing Two-Factor Authentication via Account Deactivation and Password Reset to HackerOne - 27 upvotes, $0
  336. Switching the user to the attacker's account to HackerOne - 26 upvotes, $150
  337. Lack of input sanitization in Marketo form leads to execution of HTML in lead emails to HackerOne - 25 upvotes, $500
  338. resolved bugs in a program are public despite the program settings to HackerOne - 25 upvotes, $0
  339. Unicorn worker pool exhaustion by continuously updating payout preferences to HackerOne - 25 upvotes, $0
  340. Information Disclosure when /invitations/<token>.json is not yet accepted to HackerOne - 25 upvotes, $0
  341. SAML Response Reuse on hackerone.com/users/saml/auth to HackerOne - 25 upvotes, $0
  342. Stored Cross-Site Scripting vulnerability in example Custom Digital Agreement to HackerOne - 25 upvotes, $0
  343. Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers to HackerOne - 24 upvotes, $500
  344. Information disclosure (reset password token) and changing the user's password to HackerOne - 24 upvotes, $100
  345. Improper session management to HackerOne - 24 upvotes, $100
  346. CSRF login to HackerOne - 24 upvotes, $0
  347. Hackerone Email Addresses Enumeration to HackerOne - 24 upvotes, $0
  348. Ability to enumerate private programs using SAML to HackerOne - 24 upvotes, $0
  349. User object in GraphQL exposes number of trial reports for External Programs that also have a Private Program to HackerOne - 24 upvotes, $0
  350. report id is exposed for undisclosed reports in Hacktivity to HackerOne - 24 upvotes, $0
  351. Disabled account can still use GraphQL endpoint to HackerOne - 24 upvotes, $0
  352. 2fa can't be activated on app.pullrequest.com to HackerOne - 24 upvotes, $0
  353. People who interviewed for HackerOne security analyst position can be enumerated and their personal email address may be exposed to HackerOne - 23 upvotes, $500
  354. Hacker can request mediation for published reports to HackerOne - 23 upvotes, $500
  355. Know undisclosed Bounty Amount when Bounty Statistics are enabled. to HackerOne - 23 upvotes, $0
  356. HackerOne is still prone to Internet Explorer UXSS to HackerOne - 23 upvotes, $0
  357. Mishandling of hackerone clear background checks resulting in disclosure of other hacker's information to HackerOne - 23 upvotes, $0
  358. Tab nabbing in Hackerone inbox. to HackerOne - 22 upvotes, $500
  359. Session not expired on logout to HackerOne - 22 upvotes, $100
  360. Login page password-guessing attack to HackerOne - 22 upvotes, $0
  361. Introspection query leaks sensitive graphql system information. to HackerOne - 22 upvotes, $0
  362. Self DOM-Based XSS in www.hackerone.com to HackerOne - 22 upvotes, $0
  363. program_analytics_benchmarks query shows information not visible in public to HackerOne - 22 upvotes, $0
  364. Rounding errors on rewarding a bounty leads to bypassing the 20% H1 commission fee to HackerOne - 22 upvotes, $0
  365. Improperly validated fields allows injection of arbitrary HTML via spoofed React objects to HackerOne - 21 upvotes, $5000
  366. HTML injection can lead to data theft to HackerOne - 21 upvotes, $500
  367. Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report to HackerOne - 21 upvotes, $500
  368. CRLF injection in info.hacker.one to HackerOne - 21 upvotes, $0
  369. Used email confirmation link reveals the email address which is tied to it to HackerOne - 21 upvotes, $0
  370. HTML injection that may lead to XSS on HackerOne.com through H1 Triage Wizard Chrome Extension to HackerOne - 21 upvotes, $0
  371. Users querying dim_hacker_reports table through Analytics API can determine data from dim_reports table using WHERE or HAVING query to HackerOne - 21 upvotes, $0
  372. 2FA requirement bypass when claiming bounty to HackerOne - 21 upvotes, $0
  373. Enumeration of users to HackerOne - 20 upvotes, $0
  374. Able to create basic user account via Google login on HackerOne Drupal CMS to HackerOne - 20 upvotes, $0
  375. Missing Certificate Authority Authorization rule to HackerOne - 20 upvotes, $0
  376. Additional bypass allows SSRF for internal netblocks to HackerOne - 20 upvotes, $0
  377. Homograph attack in escalate report to HackerOne - 20 upvotes, $0
  378. Session hijacking attack to HackerOne - 20 upvotes, $0
  379. Graphql: Sorting the reports by jira_status field resulted to different value to HackerOne - 20 upvotes, $0
  380. Vulnerability with the way \ escaped characters in <http://danlec.com> style links are rendered to HackerOne - 19 upvotes, $5000
  381. DNS Misconfiguration to HackerOne - 19 upvotes, $0
  382. Limited Open redirection using SSO-SAML to HackerOne - 19 upvotes, $0
  383. Insecure SHA1withRSA in b5s.hackerone-ext-content.com and a4l.hackerone-ext-content.com to HackerOne - 19 upvotes, $0
  384. Corrupted Authorization header can cause logs not to be ingested properly in ████████ to HackerOne - 19 upvotes, $0
  385. CSRF allows to test email forwarding to HackerOne - 19 upvotes, $0
  386. PNG compression DoS to HackerOne - 18 upvotes, $500
  387. Invalid Phabricator API token revealed through error message when escalating a report to HackerOne - 18 upvotes, $500
  388. HTTP header injection in info.hackerone.com allows setting cookies for hackerone.com to HackerOne - 18 upvotes, $0
  389. Know whether private program for company exist or not to HackerOne - 18 upvotes, $0
  390. Unintended HTML inclusion as a result of https://hackerone.com/reports/110578 to HackerOne - 18 upvotes, $0
  391. Possible CSRF during joining report as participant to HackerOne - 18 upvotes, $0
  392. Exposing hackerone users personally identifiable information by abusing sandbox with swag reward enabled to HackerOne - 18 upvotes, $0
  393. Lack of length validation on user address attribute to HackerOne - 18 upvotes, $0
  394. Attacker may be able to bounce enough emails which suspend HackerOne's SES service and cause a DoS of HackerOne's email service to HackerOne - 18 upvotes, $0
  395. Race condition allows to send multiple times feedback for the hacker to HackerOne - 18 upvotes, $0
  396. TOTP Authenticator implementation Accepts Expired Codes to HackerOne - 18 upvotes, $0
  397. File Name Enumeration to HackerOne - 17 upvotes, $0
  398. Homograph attack to HackerOne - 17 upvotes, $0
  399. Example HackerOne security@ forward domain is not registered to HackerOne - 17 upvotes, $0
  400. www.hackerone.com website CSP "script-src" includes "unsafe-inline" to HackerOne - 17 upvotes, $0
  401. Private partial disclosure of h1 infrastructure to HackerOne - 17 upvotes, $0
  402. Missing Certificate Authority Authorization rule to HackerOne - 17 upvotes, $0
  403. Previous attachments can be referenced when creating a new report to HackerOne - 17 upvotes, $0
  404. Invited team member can disclosure slack channels to HackerOne - 16 upvotes, $500
  405. Names not completely redacted despite "Redact the names of the involved users" is selected to HackerOne - 16 upvotes, $500
  406. Old titles are not hidden in reports with limited disclosure to HackerOne - 16 upvotes, $0
  407. Ability to monitor reports' submission in real time to HackerOne - 16 upvotes, $0
  408. Users contents on AWS is cacheable to HackerOne - 16 upvotes, $0
  409. Submitted reports state logs leakage to HackerOne - 16 upvotes, $0
  410. Improper data update process on UpdatePhabricatorIntegration mutation leads to leak of Phabricator Conduit API token. to HackerOne - 16 upvotes, $0
  411. PII data Leakage through hackerone reports to HackerOne - 16 upvotes, $0
  412. Hackers can reveal the names of private programs that have an external link to HackerOne - 16 upvotes, $0
  413. Enumerating HackerOne Pentests to HackerOne - 16 upvotes, $0
  414. Markdown parsing issue enables insertion of malicious tags and event handlers to HackerOne - 15 upvotes, $5000
  415. Password Reset Bug to HackerOne - 15 upvotes, $100
  416. Logical issues with account settings to HackerOne - 15 upvotes, $0
  417. Flawed account creation process allows registration of usernames corresponding to existing file names to HackerOne - 15 upvotes, $0
  418. Able to remove the admin access of my program to HackerOne - 15 upvotes, $0
  419. Report title and issue information prepopulated to HackerOne - 15 upvotes, $0
  420. Lack of cross-origin request blocking allows leaking of sensitive information on several endpoints to HackerOne - 15 upvotes, $0
  421. Pre-generation of 2FA secret/backup codes seems like an unnecessary risk to HackerOne - 14 upvotes, $1000
  422. Control Characters Not Stripped From Username on Signup to HackerOne - 14 upvotes, $0
  423. Session Management to HackerOne - 14 upvotes, $0
  424. Session not invalidated after password reset to HackerOne - 14 upvotes, $0
  425. Account takeover to HackerOne - 14 upvotes, $0
  426. Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met) to HackerOne - 14 upvotes, $0
  427. Gain reputation by creating a duplicate of an existing report to HackerOne - 14 upvotes, $0
  428. Race Conditions Exist When Accepting Invitations to HackerOne - 14 upvotes, $0
  429. Inadequate access controls in "Vote" functionality??? to HackerOne - 14 upvotes, $0
  430. Obtain the username & the uid of the one doing the S3 sync on Hackerone to HackerOne - 14 upvotes, $0
  431. Researcher gets email updates on a private program after he/she quits that program. to HackerOne - 14 upvotes, $0
  432. CSV Injection at the CSV export feature to HackerOne - 14 upvotes, $0
  433. Missing rate limit on critical user actions e.g. reset password, change email, disable account. to HackerOne - 14 upvotes, $0
  434. Moving a report to a different program doesn't reassign the Custom Field Values to HackerOne - 14 upvotes, $0
  435. Changes to data in a CVE request after draft via GraphQL query to HackerOne - 14 upvotes, $0
  436. Bypassing the External Link Warning to HackerOne - 14 upvotes, $0
  437. CSS leaks SCSS debug info to HackerOne - 13 upvotes, $0
  438. CSV Injection with the CSV export feature to HackerOne - 13 upvotes, $0
  439. Requesting Mediation possible on reports that are too old for mediation to HackerOne - 13 upvotes, $0
  440. homograph attack. IDNs displayed in unicode in bug reports and on external link warning page to HackerOne - 12 upvotes, $500
  441. Open redirect in "Language change". to HackerOne - 12 upvotes, $500
  442. Improve signals in reputation to HackerOne - 12 upvotes, $0
  443. Manipulate report timeline activity by using null byte. to HackerOne - 12 upvotes, $0
  444. Unauthorized Team members viewing to HackerOne - 12 upvotes, $0
  445. Possible CSRF during external programs to HackerOne - 12 upvotes, $0
  446. javascript: and mailto: links are allowed in JIRA integration settings to HackerOne - 12 upvotes, $0
  447. GitHub users outside of HackerOne organization can create and update Wiki pages of certain public HackerOne repositories to HackerOne - 12 upvotes, $0
  448. Temporary banned user (from platform) is able to make submissions via embedded submission forms to HackerOne - 12 upvotes, $0
  449. CSRF possible when SOP Bypass/UXSS is available to HackerOne - 11 upvotes, $2500
  450. No email verification on username change to HackerOne - 11 upvotes, $500
  451. Flawed account creation process allows registration of usernames corresponding to existing file names to HackerOne - 11 upvotes, $100
  452. All Active user sessions should be deleted when user change his password! to HackerOne - 11 upvotes, $100
  453. RTL override symbol not stripped from file names to HackerOne - 11 upvotes, $0
  454. Privilege escalation..., or not?! to HackerOne - 11 upvotes, $0
  455. Verbose PHP error messages exposed on a blog article to HackerOne - 11 upvotes, $0
  456. New hacktivity view discloses report IDs of non-public reports to HackerOne - 10 upvotes, $500
  457. A password reset page does not properly validate the authenticity token at the server side. to HackerOne - 10 upvotes, $100
  458. Session Hijacking attack (Different Scenario) to HackerOne - 10 upvotes, $0
  459. CSV Injection via the CSV export feature to HackerOne - 10 upvotes, $0
  460. Reflected File Download to HackerOne - 10 upvotes, $0
  461. LinkedIN URL should be HTTPS to HackerOne - 10 upvotes, $0
  462. Reward Money Leakage to HackerOne - 10 upvotes, $0
  463. Missing Password Confirmation at a Critical Function (Payout Method) to HackerOne - 10 upvotes, $0
  464. While adding a payment method - Notification email not sent to newly added email ID as well as there is no verification for new email id (Paypal) to HackerOne - 10 upvotes, $0
  465. Hackers can Invite Collaborators Without 2FA on Programs Requiring 2FA to HackerOne - 10 upvotes, $0
  466. CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain to HackerOne - 9 upvotes, $2000
  467. Limited CSRF bypass. to HackerOne - 9 upvotes, $500
  468. Change Any username and profile link in hackerone to HackerOne - 9 upvotes, $100
  469. "early preview" programs disclosure to HackerOne - 9 upvotes, $0
  470. Anti-MIME-Sniffing header X-Content-Type-Options header has not been set. to HackerOne - 9 upvotes, $0
  471. Private program activity timeline information disclosure to HackerOne - 9 upvotes, $0
  472. Reputation Manipulation (Theoretical) to HackerOne - 9 upvotes, $0
  473. Reflected Filename Download to HackerOne - 9 upvotes, $0
  474. Disclosure of external users invited to a specific report to HackerOne - 9 upvotes, $0
  475. Information disclosure via policy update notifications after removal from program to HackerOne - 9 upvotes, $0
  476. Search query text, including from potentially undisclosed reports, sent to Google Analytics on Inbox query page to HackerOne - 9 upvotes, $0
  477. GraphQL sessions aren't immediately invalidated when user password is changed to HackerOne - 9 upvotes, $0
  478. External programs revealing info to HackerOne - 8 upvotes, $1500
  479. Redirect while opening links in new tabs to HackerOne - 8 upvotes, $500
  480. Insecure Direct Object Reference vulnerability to HackerOne - 8 upvotes, $500
  481. Weird Bug - Ability to see partial of other user's notification to HackerOne - 8 upvotes, $0
  482. Adding an user email address to the list before confirming. to HackerOne - 8 upvotes, $0
  483. Email changing to HackerOne - 8 upvotes, $0
  484. Ability to see common response titles of other teams (limited) to HackerOne - 8 upvotes, $0
  485. Restrict any user from logging into his account. to HackerOne - 8 upvotes, $0
  486. Logic Issue with Reputation: Boost Reputation Points to HackerOne - 8 upvotes, $0
  487. javascript: and mailto: links are allowed on users' profiles to HackerOne - 8 upvotes, $0
  488. Autocomplete enabled in Paypal preferences to HackerOne - 8 upvotes, $0
  489. Report title autocompletion to HackerOne - 8 upvotes, $0
  490. Increase number of bugs by sending duplicate of your own valid report to HackerOne - 8 upvotes, $0
  491. Private Program all members disclosed to HackerOne - 8 upvotes, $0
  492. Leakage badges on disabled user to HackerOne - 8 upvotes, $0
  493. Information leakage - Private reports cached by Google to HackerOne - 8 upvotes, $0
  494. Information disclosure to HackerOne - 8 upvotes, $0
  495. Accessing title of the report of which you are marked as duplicate to HackerOne - 7 upvotes, $500
  496. Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comment on Bug Reports to HackerOne - 7 upvotes, $500
  497. "learn more here", reward email - domain expired. to HackerOne - 7 upvotes, $0
  498. In markdown, parsing things like @danlec and #46072 after links is unsafe to HackerOne - 7 upvotes, $0
  499. Send AJAX request to external domain to HackerOne - 7 upvotes, $0
  500. Null byte injection to HackerOne - 7 upvotes, $0
  501. External links should use rel="noopener" or use the redirect service to HackerOne - 7 upvotes, $0
  502. Deleted name still present via mouseover functionality for user accounts to HackerOne - 7 upvotes, $0
  503. Accepting Invalid characters on email address to HackerOne - 7 upvotes, $0
  504. Open redirect deceive in hackerone.com via another open redirect link. to HackerOne - 7 upvotes, $0
  505. Adding the same user who is already registered in the teams to HackerOne - 7 upvotes, $0
  506. Mismatch between frontend and backend validation via ban_researcher leads to H1 support and hackers email spam to HackerOne - 7 upvotes, $0
  507. Redirect FILTER bypass in report/comment to HackerOne - 6 upvotes, $500
  508. Team member invitations to sandboxed teams are not invalidated consistently (v2) to HackerOne - 6 upvotes, $500
  509. Multiple issues with Markdown and URL parsing to HackerOne - 6 upvotes, $500
  510. Securing sensitive pages from SearchBots to HackerOne - 6 upvotes, $100
  511. creating titleless and non-closable bugs to HackerOne - 6 upvotes, $0
  512. Flooding mailbox of user to HackerOne - 6 upvotes, $0
  513. harvesting attack on user registration to HackerOne - 6 upvotes, $0
  514. Auto Approval of Invitation to join Team as a Team member to HackerOne - 6 upvotes, $0
  515. Open-redirect on hackerone.com to HackerOne - 6 upvotes, $0
  516. Enumeration/Guess of Private (Invited) Programs to HackerOne - 6 upvotes, $0
  517. Making any Report Failed to load to HackerOne - 6 upvotes, $0
  518. SPF whitelist of mandrill leads to email forgery to HackerOne - 6 upvotes, $0
  519. Reopen Disable Accounts/ Hidden Access After Disable to HackerOne - 6 upvotes, $0
  520. Markdown code block sequence makes report unreadable to HackerOne - 6 upvotes, $0
  521. Invitation is not properly cancelled while inviting to bug reports. to HackerOne - 6 upvotes, $0
  522. Logical Issue (Boosting Reputation points) to HackerOne - 6 upvotes, $0
  523. Cross-domain AJAX request to HackerOne - 6 upvotes, $0
  524. profile cover can also load external URL's to HackerOne - 6 upvotes, $0
  525. Team Member(s) associated with a Group have Read-only permission (Post internal comments) can post comment to all the participants to HackerOne - 6 upvotes, $0
  526. Private Program Disclosure in /:handle/reports/draft.json endpoint to HackerOne - 6 upvotes, $0
  527. Denial of Service any Report to HackerOne - 6 upvotes, $0
  528. Websites opened from reports can change url of report page to HackerOne - 6 upvotes, $0
  529. Signals get affected once reports closed as self to HackerOne - 6 upvotes, $0
  530. New hacktivity view discloses report IDs of non-public reports to HackerOne - 6 upvotes, $0
  531. DOS Report FILE html inside <code> in markdown to HackerOne - 6 upvotes, $0
  532. Partial disclosure of undisclosed programs through <meta> tags to HackerOne - 6 upvotes, $0
  533. CSV injection in the credentials export to HackerOne - 6 upvotes, $0
  534. Team member invitations to sandboxed teams are not invalidated consistently to HackerOne - 5 upvotes, $500
  535. Issue with password change to HackerOne - 5 upvotes, $500
  536. Improper filtering of classes used in codeblocks in Markdown to HackerOne - 5 upvotes, $0
  537. No option to logout concurrent sessions to HackerOne - 5 upvotes, $0
  538. Improper way of validating a program to HackerOne - 5 upvotes, $0
  539. HTTPS is not enforced for objects stored by HackerOne on Amazon S3 to HackerOne - 5 upvotes, $0
  540. Missing spf flags for hackerone.com to HackerOne - 5 upvotes, $0
  541. Homograph attack to HackerOne - 5 upvotes, $0
  542. Homograph Attack to HackerOne - 5 upvotes, $0
  543. Potential denial of service in hackerone.com/<program>/reward_settings to HackerOne - 5 upvotes, $0
  544. mailto: link injection on https://hackerone.com/directory to HackerOne - 5 upvotes, $0
  545. Email Notification should be get while changing Paypal Email to HackerOne - 5 upvotes, $0
  546. Minor Bug: Public un-compiled CSS with original sass, versioning, source map, comments, etc. to HackerOne - 5 upvotes, $0
  547. Minimum bounty of a private program is visible for users that were removed from the program to HackerOne - 5 upvotes, $0
  548. attack in not an authorized user to HackerOne - 5 upvotes, $0
  549. Private Program Disclosure in /:handle/settings/allow_report_submission.json endpoint to HackerOne - 5 upvotes, $0
  550. Possible XSS to HackerOne - 5 upvotes, $0
  551. Add text to the title of the page "Thanks" to HackerOne - 5 upvotes, $0
  552. Spamming any user from Reset Password Function to HackerOne - 5 upvotes, $0
  553. HackerOne Important Emails Notification are sent in clear-text to HackerOne - 5 upvotes, $0
  554. URL Crashing browser. {Tested on firefox, Chrome and Safari} to HackerOne - 5 upvotes, $0
  555. Information Disclosure which violate program privacy to HackerOne - 5 upvotes, $0
  556. Edit Auto Response Messages to HackerOne - 4 upvotes, $1000
  557. Logic error with notifications: user that has left team continues to receive notifications and can not 'clean' this area on account to HackerOne - 4 upvotes, $500
  558. Private Program and bounty details disclosed as part of JSON search response to HackerOne - 4 upvotes, $500
  559. Mediation link can be accepted by other users to HackerOne - 4 upvotes, $500
  560. Issue with remember_user_token to HackerOne - 4 upvotes, $150
  561. Denial of Service to HackerOne - 4 upvotes, $100
  562. Cryptographic Issue: Strict Transport Security with not good max age..(TOO SHORT!) to HackerOne - 4 upvotes, $0
  563. Arbitrary file uploads to Amazon WS. to HackerOne - 4 upvotes, $0
  564. Cache leads to Privacy leaks to HackerOne - 4 upvotes, $0
  565. Account Hijacking (Only rare case scenario) to HackerOne - 4 upvotes, $0
  566. Window Opener Property Bug to HackerOne - 4 upvotes, $0
  567. Breaking Bugs as team member to HackerOne - 4 upvotes, $0
  568. Substantially weakened authenticity verification when using 'Remember me for a week' to HackerOne - 4 upvotes, $0
  569. Reflected File Download attack allows attacker to 'upload' executables to hackerone.com domain to HackerOne - 4 upvotes, $0
  570. Marking notifications as read CSRF bug to HackerOne - 4 upvotes, $0
  571. (lack of) smtp transport layer security to HackerOne - 4 upvotes, $0
  572. Content Spoofing - External Link Warning Page to HackerOne - 4 upvotes, $0
  573. Number of invited researchers disclosed as part of JSON search response to HackerOne - 4 upvotes, $0
  574. Content spoofing on invitations page to HackerOne - 4 upvotes, $0
  575. HackerOne Private Programs users disclosure and de-anonymous-ize to HackerOne - 4 upvotes, $0
  576. Sending emails (via HackerOne) impersonating other users to HackerOne - 4 upvotes, $0
  577. Email Address Leak to HackerOne - 4 upvotes, $0
  578. Disclosure of private programs that have an "external" page on HackerOne to HackerOne - 4 upvotes, $0
  579. Putting link inside link in markdown to HackerOne - 4 upvotes, $0
  580. Distinguish EP+Private vs Private programs in HackerOne to HackerOne - 4 upvotes, $0
  581. Content Spoofing via reports to HackerOne - 4 upvotes, $0
  582. Issue with password change in Disabled Account to HackerOne - 4 upvotes, $0
  583. Reputation gain split by company can be used to track the existence of otherwise undisclosed reports to HackerOne - 4 upvotes, $0
  584. User with Read-Only permissions can request/approve public disclosure to HackerOne - 3 upvotes, $500
  585. User with Read-Only permissions can edit the Internal comment Activities on Bug Reports After Revoke the team access permissions to HackerOne - 3 upvotes, $500
  586. Internal bounty and swag details disclosed as part of JSON response to HackerOne - 3 upvotes, $500
  587. Potential denial of service in hackerone.com/teams/new to HackerOne - 3 upvotes, $0
  588. Fake URL + Additional vectors for homograph attack to HackerOne - 3 upvotes, $0
  589. External URL page bypass to HackerOne - 3 upvotes, $0
  590. Weak HSTS age in support hackerone site to HackerOne - 3 upvotes, $0
  591. Hackerone impersonation to HackerOne - 3 upvotes, $0
  592. Abusing HOF rankings in limited circumstances to HackerOne - 3 upvotes, $0
  593. CSV Injection via the CSV export feature to HackerOne - 3 upvotes, $0
  594. SECURITY: Referencing previous Reports attachment_IDs on new Reports via Draft_Sync DELETES Attachments to HackerOne - 3 upvotes, $0
  595. Redirection Page throwing error instead of redirecting to site to HackerOne - 3 upvotes, $0
  596. Reverse Tabnabbing Vulnerability in Outgoing Links to HackerOne - 3 upvotes, $0
  597. User with Read-Only permissions can manually public disclosure the report to HackerOne - 2 upvotes, $500
  598. Notification of previous signed out user leakage. to HackerOne - 2 upvotes, $0
  599. Requesting unknown file type returns Ruby object w/ address to HackerOne - 2 upvotes, $0
  600. User with Read-Only permissions can edit the SwagAwarded Activities on Bug Reports to HackerOne - 2 upvotes, $0
  601. Denial of service in report view. to HackerOne - 2 upvotes, $0
  602. Pending member invitations are not revoked on program name change to HackerOne - 2 upvotes, $0