目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,222
关联 CVE
1,855
参与项目数
342
近 7 天新增
3
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS via Kroki diagram
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-06-02
Stored XSS in merge request pages
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-05-30
RichText parser vulnerability in scheduled posts allows XSS
Reddit Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-04-20
Cache Poisoning Allows Stored XSS Via hav Cookie Parameter (To Account Takeover)
Expedia Group Bug Bounty Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-04-01
Stored-XSS with CSP-bypass via labels' color
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-02-19
Bypass: Stored-XSS with CSP-bypass via scoped labels' color
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2023-02-19
Cross-site scripting on algorithm collaborator
Quantopian Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-12-21
New /add_contacts /remove_contacts quick commands susseptible to XSS from Customer Contact firstname/lastname fields
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2022-1948
High
2022-11-16
XSS in SocialIcon Link
Linktree Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-10-31
Persistent CSS injection with ’marked’ markdown parser in Rocket.Chat
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2022-35251
High
2022-09-22
STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-09-14
Stored XSS at https://█████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-09-06
Stored XSS for Grafana dashboard URL
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-07-13
Stored XSS on issue comments and other pages which contain notes
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-06-08
Stored XSS in Notes (with CSP bypass for gitlab.com)
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-05-25
Stored XSS in photos_user_map.gne
Flickr Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-05-23
Blind XSS via Feedback form.
Judge.me Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-05-03
Stored XSS in merge request creation page through payload in approval rule name
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-03-31
Stored XSS through PDF viewer
Slack Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-03-16
XSS via Mod Log Removed Posts
Reddit Cross-site Scripting (XSS) - Stored (CWE-79)
High
2022-03-10
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239