7 matches found
Deriv.com: Cross site scripting
anon-j reported a valid cross site scripting issue in one of our subdomains...
Deriv.com: CJ vulnerability in subdomain
Ameer Assadi pointed out that one of our subdomains, which had dynamic content, did not have clickjacking protection. Write-up: http://ameeras.me/Binary-Clickjacking-vulnerability/...
Deriv.com: Full takeover of some binary.com sub domains
heracles found a way to hijack our subdomains. This was indeed a creative find:...
Deriv.com: XSS
thalaivarsubu reported a valid XSS on our main domain which was unfortunately a duplicate report. This issue has been resolved by us...
Deriv.com: Cookie bug
blinkms reported a bug which allowed some of the blocked trading features to be enabled by manipulating the cookies...
Deriv.com: login to any user's cashier account and full account information disclosure
Hi, I have found an issue allowing an attacker to log in to any user's cashier account and view sensitive user information by just knowing the user account ID. Steps to reproduce: 1. Open 2 browsers and create 2 accounts, log in with each account on a browser. 2. Let's call account 1 the victim...
Deriv.com: Cross Site Scripting
paulos reported XSS in the new account section of binary.com, which was resolved by us...