1035 matches found
barriekempettes.ca XSS vulnerability
Open Bug Bounty ID: OBB-456497. Affected Website: barriekempettes.ca; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Chea...
secure.azulstar.com XSS vulnerability
Open Bug Bounty ID: OBB-446802. Affected Website: secure.azulstar.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Che...
epost.ca XSS vulnerability
Open Bug Bounty ID: OBB-429236. Affected Website: epost.ca; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Cheat Sheet...
stuart.training XSS vulnerability
Open Bug Bounty ID: OBB-417556. Affected Website: stuart.training; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
ohpadmin.com XSS vulnerability
Open Bug Bounty ID: OBB-385178. Affected Website: ohpadmin.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
Infogram: Weak Password Policy on Signup
Hi Team, I would like to let you know about a password management issue. PoC: 1. Navigate to the signup page. 2. Fill in your details and give a password as simple as 123123. 3. You can see you will be registered and there is no strong enforcement. Fix: Use complex password management. Regards, Mr.R3boot...
New Relic: Captcha Bypass on SignUp Form
The g-recaptcha-response parameter was not validated on the server side when submitting a form to the /signups endpoint. Any or no value could be provided for this parameter...
forvo.com XSS vulnerability
Vulnerable URL: https://forvo.com/signup/ Details: Patched: No; Latest check for patch: 29.12.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 7561; VIP website status: Yes. Coordinated Disclosure Timeline: ...
Public Transportation eTraffic App Has Logic Design Flaws
Bus eLutong is a free smartphone-based real-time bus information query software officially released by Beijing Public Transportation Group. There is a logical design vulnerability in Bus eLutong App, which allows an attacker to arbitrarily register a user and reset any user's password by grabbing...
Hiro: Cross site request forgery
An e-mail signup form does not check CSRF tokens. This would allow the creation of clickable links which perform an e-mail signup. Because the e-mail signup form does not pass any sensitive information, nor perform any state changes on behalf of a user, this is not a vector for attack...
sezion.com XSS vulnerability
Vulnerable URL: https://sezion.com/signup?type=FREE%22%3E%3Cscript%3Ealert/OPENBUGBOUNTY/;%3C/script%3E Details: Patched: No; Latest check for patch: 10.12.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 868920; VIP website status: N...
GSA Bounty: [api.data.gov] Leak Valid API Without Verification
Description: Remote attackers are able to retrieve a valid working API key through a random generation process without secure parsing, a secure channel, human verification, etc. The current process for requesting any API key is via the signup form, and a message with the API is delivered privately to the user, ...
logz.io XSS vulnerability
Open Bug Bounty ID: OBB-264620. Affected Website: logz.io; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
Coinbase: Captcha Bypass in Coinbase SignUp Form
Vulnerability description: The g-recaptcha-response is not validated on the server side when submitting a Signup form to the endpoint. Any or no value can be provided for this header. Steps to reproduce: 1. https://www.coinbase.com/signup 2. Fill in the input fields and validate the captcha. 3. Turn on...
salesgossip.co.uk XSS vulnerability
Vulnerable URL: https://www.salesgossip.co.uk/signup?bl=/shop/next?sf=13031source=Googlemedium=CPCcampaign=Next=%20%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22=sgwebcpcgoogle=female=+\" Details: Patched: No; Latest check for patch: 31.07.2017; Vulnerabilit...
shopinas.com XSS vulnerability
Vulnerable URL: http://www.shopinas.com/signup/shopper Details: Patched: No; Latest check for patch: 31.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 939934; VIP website status: No; Check shopinas.com SSL connection: Grade: F...
hollywoodfotofix.com XSS vulnerability
Vulnerable URL: https://www.hollywoodfotofix.com/dealer/signup.php?action=add="--!"=0=====add1=add2=city=stateCode=otherState=code=countryCode=phone=fax=mobile=clientTypeID=9= Details: Patched: No; Latest check for patch: 28.07.2017; Vulnerability type: XSS; Vulnerabili...
Coinbase: CSRF bug on signup session
Summary: CSRF bug on coinbase...
Starbucks: Host header injection/redirection via newsletter signup
Good evening, There's a host header injection vulnerability via all newsletter signups in the referrer attribute. This works with all pages that have "Join our email list" signup boxes. Since the referrer attribute can be changed to an outside domain the email being received redirects all links...
Unauthorised New User Signup
fatfreecrm is susceptible to unauthorised new user signup. The vulnerability exists because userscontroller does not prevent creation of a new user signup using a crafted POST request...