Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,219

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: mtn_group✕

Download full backup [Mtn.co.rw]

MTN Group

Critical

2022-05-14

XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}

MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-05-01

XSS at videostore.mtnonline.com/GL/*.aspx via all parameters

MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-05-01

xss on [developers.mtn.com]

MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2022-04-19

Insecure Storage of Sensitive Information on lonestarcell.com server

MTN Group Insecure Storage of Sensitive Information (CWE-922)

Critical

2022-04-09

Insecure crossdomain.xml on https://vdc.mtnonline.com/

MTN Group Information Disclosure (CWE-200)

High

2022-03-20

Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history

MTN Group Information Disclosure (CWE-200)

Medium

2022-03-20

PHP Info Exposing Secrets at https://radio.mtn.bj/info

MTN Group Information Disclosure (CWE-200)

High

2022-03-08

Reflected XSS on dailydeals.mtn.co.za

MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2021-12-24

Reflected XSS at dailydeals.mtn.co.za

MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2021-12-24

HTML injection in email content during registration via FirstName/LastName parameter

MTN Group Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Medium

2021-12-18

RXSS - http://macademy.mtnonline.com

MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)

Medium

2021-12-11

Missing captcha and rate limit protection in help form

MTN Group Improper Input Validation (CWE-20)

Medium

2021-12-11

[mtn.com.af] Multiple vulnerabilities allow to Application level DoS

MTN Group Business Logic Errors (CWE-840)CVE-2018-6389

High

2021-09-28

Reflected Cross-Site scripting in : mtn.bj

MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)

High

2021-09-26

[play.mtn.co.za] Application level DoS via xmlrpc.php

MTN Group Business Logic Errors (CWE-840)

Medium

2021-09-10

SQL injection [futexpert.mtngbissau.com]

MTN Group SQL Injection (CWE-89)

High

2021-09-09

blind sql on [selfcare.mtn.com.af]

MTN Group SQL Injection (CWE-89)

Medium

2021-09-09

RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh]

MTN Group Code Injection (CWE-94)

High

2021-09-09

Unauthenticated Arbitrary File Deletion (CVE-2020-3187)

MTN Group Path Traversal (CWE-22)CVE-2020-3187

High

2021-08-29

Top Weakness Types

Most Active Programs

Program	Reports	Max $
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	439	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	$9,895

Goal Reached Thanks to every supporter — we hit 100%!

Bug Bounty Intelligence