HackerOne: Open Redirection in index.php page
Summary: Redirection is performed by the HackerOne website when the index.php page is visited. The parameter to index.php is used in the redirection. By manipulating this parameter, an attacker can redirect a victim outside www.hackerone.com. Description: When a user visits www.hackerone.com/index.php/xyz, he/sh...
HackerOne: www.hackerone.com website CSP "script-src" includes "unsafe-inline"
Summary: The HTTP header of the hackerone.com website includes an unsafe CSP parameter for "script-src". Description: The hackerone.com website https://www.hackerone.com has a Content-Security-Policy configured, as pointed out on the Bug Bounty page of their program: We utilize a strict Content...