Uber: Clickjacking in love.uber.com

Hi , Your domain love.uber.com is vulnerable to Clickjacking. I'm able to load the domain love.uber.com in an iframe , so an attacker can certainly take advantage of this clickjacking bug in love.uber.com Click-jacking is a process of “stealing” clicks on your site, redirecting them to other...

Uber: SQLi in love.uber.com

@iad found an SQL Injection vulnerability in one of our Wordpress blog's plugins the website being love.uber.com. This blog was hosted at WPEngine and did not contain any of our user's information. However due to our previously vague bug bounty rules we decided to reward the maximum of 3,000$ sin...

Uber: XSS on love.uber.com

Hi, here is an XSS vector on love.uber.com https://love.uber.com/australia/?iclaction=reminderpopup&target=javascript%3aalert%28%2ftest%2f%29%3b%2f%2f Anatoly Ivanov...

Uber: XSS @ love.uber.com

Hello Team, I found a Cross-Site Scripting XSS in http://love.uber.com/ I'm not sure if it is eligible for bounty, as this domain is not listed under scope of the program. still as the issue is an XSS, i wanted to bring it to your attention. please mark this report as informative if you're not...