目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1110

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,250
关联 CVE
1,864
参与项目数
343
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Vimeo Search - XSS Vulnerability [http://vimeo.com/search]
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-01-23
xss in /browse/contacts/
Openfolio Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-01-14
APIs for channels allow HTML entities that may cause XSS issue
Vimeo Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-01-08
Cross-site Scripting in mailing (username)
RelateIQ Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-12-27
XSS in fabric.io
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-12-23
DOM Cross-Site Scripting ( XSS )
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-12-03
XSS platform.twitter.com | video-js metadata
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-11-17
XSS platform.twitter.com
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-11-17
ads.twitter.com xss
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-11-17
Stored Cross-Site Scripting Vulnerability in /admin.php?/cp/admin_system/general_configuration
ExpressionEngine Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-11-17
URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-11-03
XSS in 3rd party plugin (not affecting Uzbey's users)
Uzbey Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-11-02
Cross site scripting on ads.twitter.com
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-10-16
Persistent Cross Site Scripting within the IRCCloud Pastebin
IRCCloud Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-10-01
Cross Site Scripting (Stored)
ExpressionEngine Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-09-30
Stored xss
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-09-27
Multiple issues in looking-glass software (aka from web to BGP injections)
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2014-3926CVE-2014-3927CVE-2014-3928CVE-2014-3929CVE-2014-3930CVE-2014-3931
Unknown
2014-09-17
Suffix of url-path is vulnerable to XSS-attack
Khan Academy Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-09-16
Content spoofing
Phabricator Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-09-11
Reflected cross site scripting in login page
StopTheHacker Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-09-07
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl459
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239