目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,222
关联 CVE
1,855
参与项目数
342
近 7 天新增
5
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-19
Stored XSS in https://app.mopub.com
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-17
Markdown parsing issue enables insertion of malicious tags
Phabricator Cross-site Scripting (XSS) - Stored (CWE-79)
Unknown
2019-12-13
Persistent XSS on favorite via filename
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-12
Stored XSS on Wordpress 5.3 via Title Post
WordPress Cross-site Scripting (XSS) - Stored (CWE-79)
High
2019-12-10
XSS on product comments in transfers
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2019-12-09
Account takeover through the combination of cookie manipulation and XSS
Superhuman (formerly Grammarly) Cross-site Scripting (XSS) - Stored (CWE-79)
High
2019-12-03
stored xss in https://www.smule.com
Smule Cross-site Scripting (XSS) - Stored (CWE-79)
High
2019-11-12
XSS On Nextcloud Integrated with zimbra drive
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-11
H1514 Stored XSS in Return Magic App portal content
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-08
Stored XSS in private message
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-08
H1514 Stored XSS on Wholesale sales channel allows cross-organization data leakage
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-01
Stored XSS vulnerability in comments on *.wordpress.com
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-10-21
Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://*your-subdomain*.survey.fm
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
High
2019-10-21
[FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II
WordPress Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-10-11
The return of the <
Rockstar Games Cross-site Scripting (XSS) - Stored (CWE-79)
High
2019-09-24
Stored XSS in localhost:* via integrated torrent downloader
Brave Software Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15782
Medium
2019-09-24
[http_server] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2019-09-13
Stored XSS in Wiki pages
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-5467
High
2019-09-02
Blind Stored XSS In "Report a Problem" on www.data.gov/issue/
GSA Bounty Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-08-07
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239