Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,219

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: stripo✕

[demo.stripo.email] HTTP request Smuggling

Stripo Inc HTTP Request Smuggling (CWE-444)

Medium

2024-02-15

Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo

Stripo Inc Cleartext Transmission of Sensitive Information (CWE-319)

Medium

2024-02-15

Non-revoked API Key Information disclosure via Stripo_report()

Stripo Inc Cleartext Storage of Sensitive Information (CWE-312)

Medium

2022-08-25

Insecure Storage and Overly Permissive API Keys

Stripo Inc Missing Encryption of Sensitive Data (CWE-311)

Medium

2022-03-30

Bypassing Content-Security-Policy leads to open-redirect and iframe xss

Stripo Inc Open Redirect (CWE-601)

Medium

2021-07-30

Stored XSS at Module Name

Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2021-04-12

Stored XSS in the banner block description

Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2021-03-09

Memory Dump and Env Disclosure via Spring Boot Actuator

Stripo Inc Misconfiguration (CWE-16)

Medium

2021-03-02

Bypass of #1047119: Missing Rate Limit while creating Plug-Ins at https://my.stripo.email/cabinet/plugins/

Stripo Inc Business Logic Errors (CWE-840)

Medium

2021-01-13

No rate limit in email subscription

Stripo Inc Business Logic Errors (CWE-840)

Medium

2021-01-11

No rate limiting - Create data

Stripo Inc Business Logic Errors (CWE-840)

Medium

2021-01-05

No rate limiting - Create Plug-ins

Stripo Inc Business Logic Errors (CWE-840)

Medium

2021-01-05

Stored XSS at "Conditions " through "My Custom Rule" Field at [https://my.stripo.email/cabinet/#/template-editor/] in Template Editor.

Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2020-12-24

Stored XSS at Template Editor in "Section Name" Field of Block element 'Accordion'.

Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2020-12-24

No rate limiting for confirmation email lead to huge Mass mailings

Stripo Inc Business Logic Errors (CWE-840)

Medium

2020-12-11

Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo

Stripo Inc Cleartext Storage of Sensitive Information (CWE-312)

Medium

2020-12-04

No rate limiting for subscribe email + lead to Cross origin misconfiguration

Stripo Inc Business Logic Errors (CWE-840)

Medium

2020-11-30

Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri

Stripo Inc Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)

Medium

2020-11-09

SSL cookie without secure flag set

Stripo Inc

Medium

2020-10-13

Public and secret api key leaked in JavaScript source

Stripo Inc Cleartext Storage of Sensitive Information (CWE-312)

Medium

2020-09-29

Top Weakness Types

Most Active Programs

Program	Reports	Max $
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	439	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	$9,895

Goal Reached Thanks to every supporter — we hit 100%!

Bug Bounty Intelligence