目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,220
关联 CVE
1,854
参与项目数
342
近 7 天新增
7
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS via SMTP Error Message
XVIDEOS Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2025-01-24
Stored XSS on trix editor version 2.1.1
Basecamp Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2024-34341
High
2024-11-04
Blind XSS on admin.acronis.com via delete account form on account.acronis.com
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-10-30
Stored-XSS-ads.tiktok.com
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2024-10-02
Stored Xss On "https://www.question.com/"
Drugs.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-09-20
Stored XSS in reclamos
MercadoLibre Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-09-09
CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link
Internet Bug Bounty Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2024-41937
Low
2024-09-07
Blind Stored XSS on the internal host - █████████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-08-16
XSS via /api/v1/chat.postMessage
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2024-08-10
XSS in various MessageTypes
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-08-10
Multiple XSS and open HTTP redirection
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-07-16
[CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML
Internet Bug Bounty Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2024-32464
Medium
2024-06-30
Stored XSS filter bypass on discussion forum. "URL" tag.
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2024-05-28
Stored XSS filter bypass on discussion forum.
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2024-05-28
Stored-XSS injected in Wiki page via Banzai pipeline
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-05-28
Stored XSS in messages
SideFX Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2024-04-17
Stored XSS on LinkedIn App via iframe tag in Article
LinkedIn Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2024-02-28
Client Side Template Injection to Stored XSS in Image Collection
Mars Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-02-14
Blind Stored XSS in shopify internal Parquet Viewer
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2024-02-08
HTML injection in search UI when selecting a circle with HTML in the display name
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2023-48301
Low
2023-11-21
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258 $1,730
X / xAI250 $2,500
Uber239 $9,895