25 matches found
Topcoder: PII of Users Disclosure using "/members/invite/" endpoint
Hello! I found PII Disclosure at https://connect.topcoder.com/projects/ Steps to Reproduce. 1 Go to https://connect.topcoder.com/projects 2 Select an existing project, or create a new one. 3 Select the "Manage Invitations" option on the left sidebar. 4 Enter the Username/Email of the user you wan...
Topcoder: Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com
Hi, I found reflected XSS on https://apps.topcoder.com via error message. Payload : %3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm Vulnerable link : https://apps.topcoder.com/wiki/labels/%3CIFRAME%20SRC%3D%22javascript%3Aalert'XSS'%22%3E.vm Step to reproduce : Create an account...
Topcoder: Stored-Xss at connect.topcoder.com/projects/ affected on project chat members
Hi team, I'm sorry for my bad report and English, but I wish you understand the impact of that bug here, if it well performed the users may lose their access to their SSO accounts. Summary: While a developer at connect.topcoder.com can manage a messages about his/her project with someone else, Th...
crowdsourcing.topcoder.com XSS vulnerability
Open Bug Bounty ID: OBB-584436

Description | Value
---|---
Affected Website: | crowdsourcing.topcoder.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
api.topcoder.com Open Redirect vulnerability
Vulnerable URL: https://api.topcoder.com/pub/activation.html?code=13S7EAY0WTN=https://www.xssposed.org

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not...