15 matches found
tomtom-user-guide.s3-website-us-west-2.amazonaws.com Cross Site Scripting vulnerability OBB-3848810
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tomtom-tools.com Improper Access Control vulnerability OBB-3813925
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview: tomtom-rk is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
TomTom: XSS Reflect
Hi guys, According to the attached prints, I found an XSS at https://www.tomtom.com/en/search/?q=%3C%2Fscript%3E link. Here is the payload used: https://www.tomtom.com/en/search/?q=%3C%2Fscript%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E Any questions, I'm available! Regards, z3xdd Impact A...
TomTom: Apache mod_status /server-status Information Disclosure
Description: It is possible to obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'. This overview includes information such as current hosts and requests being processed, the number of workers idle and service requests, and CPU...
TomTom: Reflected Cross Site Scripting vuln in tomtom.com
Hello Tomtom security team I found a reflected cross site scripting security vulnerability in tomtom.com https://www.tomtom.com/nlnl/search/?q=27%22--%3E%3CDetails%20Open%20OnToggle=confirmdocument.domain%3E This payload when loaded displays the domain the XSS vulnerability occurs in www.tomtom.c...
TomTom: CSRF allows attacker to manage customer's shopping cart.
The following endpoint https://www.tomtom.com:443/enus/store/basket-add.html had no CSRF checks / tokens whatsoever, which allows a malicious user to add massive amounts of any product to a victim's cart or empty the cart. The CSRF POC file included adds 50 items of the given product the a...
tomtom.com Cross Site Request Forgery vulnerability
Vulnerable URL: https://www.tomtom.com/enin/account/details.html

Details:

Description| Value
---|---
Patched:| Yes, at 04.09.2017
Latest check for patch:| 04.09.2017 09:04 GMT
Vulnerability type:| Cross Site Request Forgery
Vulnerability status:| Publicly disclosed
Alexa Rank| 4570
VIP website...
TomTom Sports - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application TomTom Sports published at the 'play' market has multiple vulnerabilities...
TomTom MyDrive - Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application TomTom MyDrive published at the 'play' market has multiple vulnerabilities...
telematics.tomtom.com XSS vulnerability
Vulnerable URL: https://telematics.tomtom.com/itit/webfleet/device-activation/?cta="-alert'OPENBUGBOUNTY'-"

Details:

Description| Value
---|---
Patched:| Yes, at 12.12.2016
Latest check for patch:| 12.12.2016 09:38 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank|...
marketing.entgov.tomtom.com XSS vulnerability
Vulnerable URL: http://marketing.entgov.tomtom.com/acton/fs/blocks/showLandingPage/a/4701/p/p-00af/t/page/fm/0?s=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank|...
TomTom GPS Navigation Traffic - Apache license, BSD license, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application TomTom GPS Navigation Traffic published at the 'play' market has multiple vulnerabilities...
TomTom WEBFLEET Mobile - External URLs, SD-card access, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application TomTom WEBFLEET Mobile published at the 'play' market has multiple vulnerabilities...
TomTom MySports - Customized SSL, External URLs, KeyStore usage vulnerabilities
HackApp vulnerability scanner discovered that application TomTom MySports published at the 'play' market has multiple vulnerabilities...