目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1110

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,247
关联 CVE
1,864
参与项目数
343
近 7 天新增
21
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
refelected Xss on https://gmid.gm.com/gmid/jsp/GMIDInitialLogin.jsp
General Motors Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-30
Reflected Cross Site Script in m.chevrolet.com.wpsegment5.gm.com
General Motors Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-30
Html Injection and Possible XSS in sms-be-vip.twitter.com
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-28
File Upload XSS in image uploading of App in mopub
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-25
Cross Site Scripting In Profile Statement
Gratipay Cross-site Scripting (XSS) - Generic (CWE-79)
None
2016-08-23
XSS On meta tags in profile page
GitLab Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-21
XSS At "pages.et.uber.com"
Uber Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-19
Multiple XSS in Camptix Event Ticketing Plugin
Ian Dunn Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-18
XSS in Tagregator plugin
Ian Dunn Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-18
XSS on zomato.com
Eternal Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-14
XSS in the "Poll" Feature on Twitter.com
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-12
Stored XSS on developer.uber.com via admin account compromise
Uber Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-12
Reflected XSS in scores.ubnt.com
Ubiquiti Inc. Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-11
WordPress core stored XSS via attachment file name
Automattic Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-05
[Stored Cross-Site-Scripting] When search about Incoming ( Manual Jurnal )
Moneybird Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-05
Stored xss
Algolia Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-03
Several XSS affecting Zomato.com and developers.zomato.com
Eternal Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-02
XSS onmouseover
Eternal Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-02
Two XSS vulns in widget parameters (all_collections.php and o2.php)
Eternal Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-02
HTML in Diffusion not escaped in certain circumstances
Phabricator Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-08-01
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239