readme.md
January 20, 2023
Title
Inject page in admin panel via Shopify.API.pushState [New Payload]
URL
https://hackerone.com/reports/883867
Severity score
null
Reporter
tems
Bounty paid
$500
Title
XSS on https://account.mail.ru/login via postMessage
URL
https://hackerone.com/reports/269349
Severity score
null
Reporter
buglloc
Bounty paid
$500
Title
DOM-based Cross-Site Scripting in redirect url checkout
URL
https://hackerone.com/reports/299924
Severity score
null
Reporter
beurtschipper
Bounty paid
null
Title
dom based xss in *.zendesk.com/external/zenbox/
URL
https://hackerone.com/reports/227298
Severity score
null
Reporter
sergeym
Bounty paid
$100
Title
[parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
URL
https://hackerone.com/reports/248560
Severity score
null
Reporter
vichaarya
Bounty paid
$200
Title
XSS on opening malicious OpenOffice presentation document
URL
https://hackerone.com/reports/894919
Severity score
4.6
Reporter
skr0x1c0
Bounty paid
$400
Title
XSS on opening a malicious OpenOffice text document
URL
https://hackerone.com/reports/894915
Severity score
5.4
Reporter
skr0x1c0
Bounty paid
$400
Title
XSS in the server name
URL
https://hackerone.com/reports/262010
Severity score
null
Reporter
pisarenko
Bounty paid
null
Title
DOM XSS at www.forescout.com in Microsoft Edge and IE Browser
URL
https://hackerone.com/reports/704266
Severity score
4.7
Reporter
enesdexh1
Bounty paid
$1,000
Title
[account.mail.ru] XSS on the password recovery page
URL
https://hackerone.com/reports/360787
Severity score
null
Reporter
s_p_q_r
Bounty paid
$500
Title
Dom based xss on https://www.rockstargames.com/ via returnUrl parameter
URL
https://hackerone.com/reports/505157
Severity score
5.4
Reporter
netfuzzer
Bounty paid
$750
Title
Reflected DOM-Based XSS On Due Lack Filter On Parameter ?next
URL
https://hackerone.com/reports/545121
Severity score
null
Reporter
elmahdi
Bounty paid
null
Title
Admin bar: Incomplete message origin validation results in XSS
URL
https://hackerone.com/reports/387544
Severity score
null
Reporter
palant
Bounty paid
$500
Title
[BugPOC and Amazon XSS CTF writeup] A CSP Bypass Story
URL
https://hackerone.com/reports/1026752
Severity score
null
Reporter
d3f4u17
Bounty paid
null
Title
DOM-based XSS in store.starbucks.co.uk on IE 11
URL
https://hackerone.com/reports/241619
Severity score
2.4
Reporter
albinowax
Bounty paid
$100
Title
Blind XSS in the torg.mail.ru admin panel via a review
URL
https://hackerone.com/reports/366518
Severity score
null
Reporter
pisarenko
Bounty paid
$500
Title
Tinymce 2.4.0
URL
https://hackerone.com/reports/262230
Severity score
4.8
Reporter
jelmer
Bounty paid
$2,000
Title
DOM-Based XSS in tumblr.com
URL
https://hackerone.com/reports/882546
Severity score
null
Reporter
keer0k
Bounty paid
$350
Title
dom based xss on [hello.merchant.razer.com]
URL
https://hackerone.com/reports/767944
Severity score
null
Reporter
root0x0
Bounty paid
$500
Title
[account.mail.ru] XSS on the account deletion page via backUrl
URL
https://hackerone.com/reports/360191
Severity score
null
Reporter
s_p_q_r
Bounty paid
$500
Title
DOM XSS at https://www.thx.com in IE/Edge browser
URL
https://hackerone.com/reports/702981
Severity score
4.2
Reporter
enesdexh1
Bounty paid
$250
Title
XSS on opening malicious OpenOffice presentation document
URL
https://hackerone.com/reports/894918
Severity score
4.6
Reporter
skr0x1c0
Bounty paid
$400
Title
█████ - DOM-based XSS
URL
https://hackerone.com/reports/377264
Severity score
null
Reporter
yumi
Bounty paid
null
Title
[XSS] iframe in payments/phones
URL
https://hackerone.com/reports/496757
Severity score
8.6
Reporter
secator
Bounty paid
$500
Title
DOM Based XSS charting_library
URL
https://hackerone.com/reports/351275
Severity score
null
Reporter
bobrov
Bounty paid
$500
Title
Self DOM-Based XSS in www.hackerone.com
URL
https://hackerone.com/reports/406587
Severity score
null
Reporter
adac95
Bounty paid
null
Title
Cross-site Scripting (XSS) on HackerOne careers page
URL
https://hackerone.com/reports/474656
Severity score
2.4
Reporter
khoiasd
Bounty paid
$500
Title
DOM XSS on 50x.html page on proxy.duckduckgo.com
URL
https://hackerone.com/reports/426275
Severity score
null
Reporter
smither
Bounty paid
null
Title
XSS - Guard - Insufficient escaping of User-IDs from PGP Keys
URL
https://hackerone.com/reports/788691
Severity score
4.3
Reporter
zhutyra
Bounty paid
$500
Title
XSS on Issue reference numbers
URL
https://hackerone.com/reports/831962
Severity score
null
Reporter
yvvdwf
Bounty paid
$1,500
Title
DOM XSS via Shopify.API.remoteRedirect
URL
https://hackerone.com/reports/576532
Severity score
null
Reporter
yxw21
Bounty paid
$500
Title
xss found in zomato
URL
https://hackerone.com/reports/240989
Severity score
6.2
Reporter
rasi-ras
Bounty paid
null
Title
Cross site scripting (content-sniffing)
URL
https://hackerone.com/reports/363845
Severity score
null
Reporter
said778
Bounty paid
null
Title
[XSS] postMessage in jsapi/button
URL
https://hackerone.com/reports/503707
Severity score
null
Reporter
secator
Bounty paid
$500
Title
DOM based XSS on /GTAOnline/tw/starterpack/
URL
https://hackerone.com/reports/508517
Severity score
null
Reporter
netfuzzer
Bounty paid
$750
Title
DOM Based XSS In mercantile.wordpress.org
URL
https://hackerone.com/reports/230435
Severity score
5.4
Reporter
pabster
Bounty paid
$275
Title
Solution for XSS challenge wacky.buggywebsite.com
URL
https://hackerone.com/reports/1028261
Severity score
null
Reporter
d1r3wolf
Bounty paid
$100
Title
DOMXSS in redirect param
URL
https://hackerone.com/reports/361287
Severity score
null
Reporter
flamezzz
Bounty paid
$750
Title
XSS via Direct Message deeplinks
URL
https://hackerone.com/reports/341908
Severity score
null
Reporter
0xsobky
Bounty paid
$2,940
Title
DOM XSS on duckduckgo.com search
URL
https://hackerone.com/reports/876148
Severity score
6.4
Reporter
cujanovic
Bounty paid
null
Title
Self XSS on the page https://aw.mail.ru/pin/
URL
https://hackerone.com/reports/582810
Severity score
null
Reporter
funt0m
Bounty paid
null
Title
DOM XSS on duckduckgo.com search
URL
https://hackerone.com/reports/921635
Severity score
null
Reporter
sijisu
Bounty paid
null
Title
DOM Based XSS in www.hackerone.com via PostMessage
URL
https://hackerone.com/reports/398054
Severity score
3.1
Reporter
adac95
Bounty paid
$500
Title
[Web ICQ Client] XSS-inj in polls
URL
https://hackerone.com/reports/785785
Severity score
7
Reporter
rainbow_json
Bounty paid
$1,000
Title
Solution for XSS challenge calc.buggywebsite.com
URL
https://hackerone.com/reports/954249
Severity score
null
Reporter
d1r3wolf
Bounty paid
null
Title
DOM XSS in edoverflow.com/tools/respond due to unsafe usage of the innerHTML property.
URL
https://hackerone.com/reports/341969
Severity score
null
Reporter
karel_origin
Bounty paid
null
Title
DOM XSS on 50x.html page
URL
https://hackerone.com/reports/405191
Severity score
null
Reporter
cujanovic
Bounty paid
null
Title
XSS in vk.link
URL
https://hackerone.com/reports/1025125
Severity score
null
Reporter
persewerance
Bounty paid
$300
Title
DOM-based XSS on https://zest.co.th/zestlinepay/
URL
https://hackerone.com/reports/784112
Severity score
5.4
Reporter
nnez
Bounty paid
$200
Title
XSS on e.mail.ru via postMessage
URL
https://hackerone.com/reports/301794
Severity score
null
Reporter
obmi
Bounty paid
$500
Title
██████ DOM XSS via Shopify.API.remoteRedirect
URL
https://hackerone.com/reports/646505
Severity score
null
Reporter
yxw21
Bounty paid
$500
Title
█████ - DOM-based XSS
URL
https://hackerone.com/reports/376027
Severity score
null
Reporter
yumi
Bounty paid
null
Title
Inject page in admin panel via Shopify.API.pushState
URL
https://hackerone.com/reports/662083
Severity score
null
Reporter
tems
Bounty paid
$500
Title
DOM-based XSS on youporn.com (main page)
URL
https://hackerone.com/reports/221883
Severity score
null
Reporter
sp1d3rs
Bounty paid
$250
Title
Persistent XSS via e-mail when creating merge requests
URL
https://hackerone.com/reports/496973
Severity score
null
Reporter
mario-areias
Bounty paid
$750
Title
Xss was found by exploiting the URL markdown on http://store.steampowered.com
URL
https://hackerone.com/reports/313250
Severity score
null
Reporter
kenziy
Bounty paid
$1,000
Title
XSS in biz.mail.ru/error
URL
https://hackerone.com/reports/268245
Severity score
null
Reporter
chaosbolt
Bounty paid
$500
Title
DOM XSS on https://www.███████
URL
https://hackerone.com/reports/922496
Severity score
null
Reporter
gamer7112
Bounty paid
null
Title
[wakatime.com] HTML Injection github-btn.html
URL
https://hackerone.com/reports/248588
Severity score
null
Reporter
bobrov
Bounty paid
null
Title
Dom based xss affecting all pages from https://www.grab.com/.
URL
https://hackerone.com/reports/247246
Severity score
6.1
Reporter
netfuzzer
Bounty paid
$200
Title
[█████] — DOM-based XSS on endpoint /?s=
URL
https://hackerone.com/reports/708592
Severity score
null
Reporter
usamasood
Bounty paid
null
Title
XSS on .myshopify.com/admin/ and partners.shopify.com via whitelist bypass in SVG icon for sales channel applications
URL
https://hackerone.com/reports/232174
Severity score
null
Reporter
bored-engineer
Bounty paid
$5,000
Title
XSS on "widgets.shopifyapps.com" via "stripping" attribute and "shop" parameter
URL
https://hackerone.com/reports/246794
Severity score
null
Reporter
bored-engineer
Bounty paid
$1,000
Title
XSS on Desktop Client
URL
https://hackerone.com/reports/473950
Severity score
5.4
Reporter
u3mur4
Bounty paid
$1,000
Title
Preview bar: Incomplete message origin validation results in XSS
URL
https://hackerone.com/reports/381192
Severity score
5.2
Reporter
palant
Bounty paid
$1,000
Title
DOM Based XSS in mycrypto.com
URL
https://hackerone.com/reports/324303
Severity score
null
Reporter
bigshaq
Bounty paid
null
Title
DOM Based XSS via postMessage at https://inventory.upserve.com/login/
URL
https://hackerone.com/reports/603764
Severity score
7.1
Reporter
gamer7112
Bounty paid
$2,500
Title
CVE-2019-19935 - DOM based XSS in the froala editor
URL
https://hackerone.com/reports/938683
Severity score
null
Reporter
chackal
Bounty paid
null
Title
[GitHub Extension] Unsanitised HTML leading to XSS on GitHub.com
URL
https://hackerone.com/reports/220494
Severity score
null
Reporter
ysx
Bounty paid
$200
Title
XSS Challenge #2 Solution
URL
https://hackerone.com/reports/953873
Severity score
null
Reporter
bad5ect0r
Bounty paid
null
Title
Cross-site Scripting (XSS) - DOM on https://account.mail.ru/user/garage?back_url=https://mail.ru
URL
https://hackerone.com/reports/996303
Severity score
8.6
Reporter
magzhan
Bounty paid
$1,000
Title
XSS in the Callback API in communities
URL
https://hackerone.com/reports/261966
Severity score
null
Reporter
pisarenko
Bounty paid
$500
Title
Seven DOM-Based XSS Vulnerabilities | Execution in Login Sequence
URL
https://hackerone.com/reports/508228
Severity score
5.4
Reporter
stealthy
Bounty paid
null
Title
XSS via message subject - mobile application
URL
https://hackerone.com/reports/368912
Severity score
7.1
Reporter
almaco
Bounty paid
$1,000
Title
H1514 DOM XSS on checkout.shopify.com via postMessage handler on /:id/sandbox/google_maps
URL
https://hackerone.com/reports/423218
Severity score
null
Reporter
bored-engineer
Bounty paid
$500
Title
Dom based xss on /reddeadredemption2/br/videos
URL
https://hackerone.com/reports/488108
Severity score
6.1
Reporter
netfuzzer
Bounty paid
$750
Title
XSS e.mail.ru fixSpecialSymbols
URL
https://hackerone.com/reports/346219
Severity score
null
Reporter
shafigullin
Bounty paid
$500
Title
XSS in comments posted on behalf of a community
URL
https://hackerone.com/reports/264445
Severity score
null
Reporter
flyink
Bounty paid
$500
Title
dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass)
URL
https://hackerone.com/reports/261571
Severity score
null
Reporter
netfuzzer
Bounty paid
$500
Title
Stored XSS and html injection in biz.mail.ru
URL
https://hackerone.com/reports/267783
Severity score
0
Reporter
chaosbolt
Bounty paid
$250
Title
[Web ICQ Client] XSS vulnerability in the username
URL
https://hackerone.com/reports/786822
Severity score
6.3
Reporter
rainbow_json
Bounty paid
$1,000
Title
[XSS] Pasting bootstrap in mail compose
URL
https://hackerone.com/reports/331975
Severity score
null
Reporter
secator
Bounty paid
$300
Title
Double linking causes XSS (but blocked by CSP in gitlab.com)
URL
https://hackerone.com/reports/729341
Severity score
null
Reporter
ooooooo_q
Bounty paid
null
Title
DOM based CSS Injection on grammarly.com
URL
https://hackerone.com/reports/500436
Severity score
null
Reporter
gamer7112
Bounty paid
$250
Title
DOM-based XSS on mobile.line.me
URL
https://hackerone.com/reports/736272
Severity score
8.1
Reporter
zophi
Bounty paid
$1,989.50
Title
[html-janitor] Passing user-controlled data to clean() leads to XSS
URL
https://hackerone.com/reports/308155
Severity score
9.8
Reporter
bayotop
Bounty paid
null
Title
XSS via Cookie in e.mail.ru
URL
https://hackerone.com/reports/312548
Severity score
null
Reporter
obmi
Bounty paid
$350
Title
DOM based XSS on /GTAOnline/de/news/article via "returnUrl" parameter
URL
https://hackerone.com/reports/508475
Severity score
5.4
Reporter
netfuzzer
Bounty paid
$750
Title
DOM based Cross-site Scripting
URL
https://hackerone.com/reports/954613
Severity score
null
Reporter
ivarsvids
Bounty paid
null
Title
Universal Cross-Site Scripting in Keybase Chrome extension
URL
https://hackerone.com/reports/232432
Severity score
6.1
Reporter
jupenur
Bounty paid
$500
Title
[reveal.js] XSS by calling arbitrary method via postMessage
URL
https://hackerone.com/reports/691977
Severity score
5.4
Reporter
s_p_q_r
Bounty paid
null
Title
Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode
URL
https://hackerone.com/reports/799739
Severity score
5.2
Reporter
netfuzzer
Bounty paid
$750
Title
Inject page in admin panel via Shopify.API.pushState with protocol invalid
URL
https://hackerone.com/reports/868615
Severity score
null
Reporter
tems
Bounty paid
$500
Title
Prevent XSS when passing a parameter directly into link_to
URL
https://hackerone.com/reports/755354
Severity score
null
Reporter
speleding
Bounty paid
null
Title
DOM XSS on 1.1.1.1(one.one.one.one)
URL
https://hackerone.com/reports/418078
Severity score
6.1
Reporter
cujanovic
Bounty paid
null
Title
DOM Based XSS in www.hackerone.com via PostMessage (bypass of #398054)
URL
https://hackerone.com/reports/499030
Severity score
3.1
Reporter
honoki
Bounty paid
$565
Title
CSS Injection on /embed/ via bgcolor parameter leaks user's CSRF token and allows for XSS
URL
https://hackerone.com/reports/386334
Severity score
null
Reporter
nahamsec
Bounty paid
$999.99
Title
XSS in touch.mail.ru
URL
https://hackerone.com/reports/409440
Severity score
7.4
Reporter
saiyajin
Bounty paid
$500
Title
DOM XSS triggered in secure support desk
URL
https://hackerone.com/reports/512065
Severity score
10
Reporter
honoki
Bounty paid
$500
Title
Warehouse dom based xss may lead to Social Club Account Takeover.
URL
https://hackerone.com/reports/663312
Severity score
7.6
Reporter
netfuzzer
Bounty paid
$750
Title
H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing
URL
https://hackerone.com/reports/422043
Severity score
8.1
Reporter
filedescriptor
Bounty paid
$5,000
Title
XSS: Group search terms
URL
https://hackerone.com/reports/396370
Severity score
null
Reporter
jameelnabbo
Bounty paid
$300
Title
[account.mail.ru] XSS vulnerability in the login form
URL
https://hackerone.com/reports/889874
Severity score
null
Reporter
rainbow_json
Bounty paid
$1,000
Title
DOM Based xss on https://www.rockstargames.com/ ( 1 )
URL
https://hackerone.com/reports/475442
Severity score
null
Reporter
netfuzzer
Bounty paid
$850
Title
DOM based XSS in the WooCommerce plugin
URL
https://hackerone.com/reports/507139
Severity score
5.4
Reporter
wild0ni0n
Bounty paid
$275
Title
XSS touch.mail.ru compose Body
URL
https://hackerone.com/reports/344049
Severity score
null
Reporter
shafigullin
Bounty paid
$500
Title
DOM XSS on app.starbucks.com via ReturnUrl
URL
https://hackerone.com/reports/526265
Severity score
5.7
Reporter
gamer7112
Bounty paid
$250
Title
DOM Based XSS at docs.8x8.com
URL
https://hackerone.com/reports/895917
Severity score
4.7
Reporter
wh0ru
Bounty paid
null
Title
DOM XSS on https://www.rockstargames.com/GTAOnline/feedback
URL
https://hackerone.com/reports/803934
Severity score
null
Reporter
netfuzzer
Bounty paid
$1,250
Title
self-xss with ClickJacking can lead to account takeover in Firefox
URL
https://hackerone.com/reports/892289
Severity score
null
Reporter
keer0k
Bounty paid
$100
Title
XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener on "/:id/digital_wallets/dialog"
URL
https://hackerone.com/reports/231053
Severity score
null
Reporter
bored-engineer
Bounty paid
$3,000
Title
XSS at go.mail.ru
URL
https://hackerone.com/reports/846931
Severity score
6.1
Reporter
adiosmf
Bounty paid
null
Title
Possible DOM XSS on app.hey.com
URL
https://hackerone.com/reports/1010132
Severity score
null
Reporter
enigmaticjohn
Bounty paid
$1,000
Title
pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss
URL
https://hackerone.com/reports/241198
Severity score
null
Reporter
kenziy
Bounty paid
$750
Title
Cross-site Scripting (XSS) - DOM - iqcard.informatica.com
URL
https://hackerone.com/reports/1004833
Severity score
8.4
Reporter
nullfil3
Bounty paid
null
Title
DOM XSS via Shopify.API.Modal.initialize
URL
https://hackerone.com/reports/602767
Severity score
null
Reporter
tems
Bounty paid
$500
Title
DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features
URL
https://hackerone.com/reports/479612
Severity score
null
Reporter
netfuzzer
Bounty paid
$750
Title
[htmr] DOM-based XSS
URL
https://hackerone.com/reports/753971
Severity score
6.5
Reporter
visat
Bounty paid
null
Title
Unfiltered class attribute in markdown code
URL
https://hackerone.com/reports/216453
Severity score
5.4
Reporter
chalker
Bounty paid
null