目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,222
关联 CVE
1,855
参与项目数
342
近 7 天新增
5
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored XSS | api.mapbox.com | IE 11 | Styles name
Mapbox Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-01-21
[node-red] Stored XSS within Flow's - "Name" field
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15607
Medium
2020-01-11
[seeftl] Stored XSS when directory listing via filename.
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15603
Medium
2019-12-31
Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-19
Stored XSS in https://app.mopub.com
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-17
Persistent XSS on favorite via filename
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-12
XSS On Nextcloud Integrated with zimbra drive
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-11
H1514 Stored XSS in Return Magic App portal content
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-08
Stored XSS in private message
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-08
H1514 Stored XSS on Wholesale sales channel allows cross-organization data leakage
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-11-01
Stored XSS vulnerability in comments on *.wordpress.com
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-10-21
[FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II
WordPress Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-10-11
Stored XSS in localhost:* via integrated torrent downloader
Brave Software Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15782
Medium
2019-09-24
Blind Stored XSS In "Report a Problem" on www.data.gov/issue/
GSA Bounty Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-08-07
[http-file-server] Stored XSS in the filename when directories listing
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-5458
Medium
2019-07-24
BUG XSS IN "ADD IMAGES"
Imgur Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-18
Stored XSS via Create Project (Add new translation project)
Weblate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-09
Self-Stored XSS - Chained with login/logout CSRF
Eternal Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-03
Stored XSS @ /engage/<project_slug>
Weblate Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-02
[takeapeek] XSS via HTML tag injection in directory lisiting page
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-07-01
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239