dota2-europe.com Cross Site Scripting vulnerability OBB-2375265

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Valve: /applications/dpc_(get|post) provide full access to api.steampowered.com with the Dota2 API key

The vulnerability allowed attackers to call arbitrary API methods using an API key with elevated privileges for Dota2...

Valve: Stored XSS in the guide's GameplayVersion (www.dota2.com)

Hi, team! The beginning of this issue looks like my previous report 369043, but this one will be much more interesting : So let's go! Steps to reproduce: 1 Open dota2 client and create new simple guide with XSS in the name. F318796 2 Publish this guide on steam. F318797 3 Now go to the Fiddler ap...

dota2.ru XSS vulnerability

Open Bug Bounty ID: OBB-551341 Description| Value ---|--- Affected Website:| dota2.ru Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden until disclosure Disclosure Standard:| Coordinated Disclosure based on ISO 29147...

dota2.ru XSS vulnerability

Open Bug Bounty ID: OBB-530788 Description| Value ---|--- Affected Website:| dota2.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...