目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,221
关联 CVE
1,854
参与项目数
342
近 7 天新增
5
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Mattermost Server OAuth Flow Cross-Site Scripting
Mattermost Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-37859
High
2021-08-06
Cross site scripting
Informatica Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2021-05-17
Reflected/Stored XSS on duckduckgo.com
DuckDuckGo Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2021-04-10
Reflected XSS on transact.playstation.com using postMessage from the opening window
PlayStation Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2021-03-30
Download full backup and Cross site scripting
ImpressCMS Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2020-12-06
Cross-Site-Scripting on www.tiktok.com and m.tiktok.com leading to Data Exfiltration
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2020-11-19
Reflected XSS on a Atavist theme at external_import.php
Automattic Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2020-11-18
SafeParamsHelper::safe_params is not so safe
GitLab Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2020-11-02
Cross-site Scripting (XSS) - Reflected
8x8 Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2020-07-07
Reflected cross-site scripting vulnerability on a DoD website
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2020-05-14
The URL in "Choose a data source'' at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS.
OWOX, Inc. Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2019-12-09
Reflected XSS
OWOX, Inc. Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2019-12-09
Reflective Cross-site Scripting via Newsletter Form
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2019-10-11
Reflected XSS on https://make.wordpress.org via 'channel' parameter
WordPress Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2019-08-26
Reflected XSS on $Any$.myshopify.com/admin
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2018-11-13
Reflected XSS on secure.chaturbate.com
Chaturbate Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2018-10-18
Reflected XSS
Ubiquiti Inc. Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2018-09-25
Reflected XSS в /al_audio.php
VK.com Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2018-05-22
[bracket-template] Reflected XSS possible when variable passed via GET parameter is used in template
Node.js third-party modules Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2018-04-09
Reflected XSS in admin settings
Deconf Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2018-02-24
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239