目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,220
关联 CVE
1,854
参与项目数
342
近 7 天新增
8
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored-XSS in merge requests
GitLab Cross-site Scripting (XSS) - Reflected (CWE-79)
None
2021-07-19
Reflected XSS via "Error" parameter on https://admin.acronis.com/admin/su/
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-19
Reflected XSS in https://www.topcoder.com/blog/category/community-stories/
Lab45 Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2021-07-12
Reflected XSS at [████████]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-30
CSRF Based XSS @ https://██████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-30
[www.███] Reflected Cross-Site Scripting
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-30
[█████████] Reflected Cross-Site Scripting Vulnerability
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-30
rXSS on https://mackeeperapp.mackeeper.com/landings/download-blue/
Clario Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2021-06-30
Reflected XSS on cz.acronis.com/dekujeme-za-odber-novinek-produktu-disk-director with ability to creating an admin user in WordPress
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-22
Reflected XSS through ClickJacking
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-15
Reflected XSS
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
Reflected XSS at www.███████ at /██████████ via the ████████ parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2017-14651
Medium
2021-06-03
Reflected XSS through clickjacking at https://████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
Reflected XSS on https://██████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
Reflected XSS on /admin/stats.php
Revive Adserver Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-22948
Medium
2021-06-03
Reflected XSS on mtnhottseat.mtn.com.gh
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-05-24
Cross site scripting
Informatica Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2021-05-17
Moodle XSS on evolve.glovoapp.com
Glovo Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-05-12
XSS via X-Forwarded-Host header
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-05-11
DOM Based XSS on https://████ via backURL param
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-05-11
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895