1823 | How i made 15k$ from Remote Code Execution Vulnerability | Code injection, RCE, Self-XSS | NA | Abdulrahman Makki (@AMakki1337) | Bug Bounty | 2022-02-13 | 2023-06-13 |
1813 | My First Reflected XSS Bug Bounty — Google Dork — $xxx | Reflected XSS | NA | Proviesec (@proviesec) | Bug Bounty | 2022-02-16 | 2023-06-13 |
1805 | Stored XSS in message.alibaba.com ($2,000) | Stored XSS | Alibaba | R ando (@Rando02355205) | Bug Bounty | 2022-02-18 | 2023-06-13 |
1799 | Bypassing Cloudflare’s WAF! | XSS, WAF bypass | NA | Friendly (@SkeletorKeys) | Bug Bounty | 2022-02-19 | 2023-06-13 |
1795 | XSS in hidden input field | XSS | NA | Faizan Elahi | Bug Bounty | 2022-02-21 | 2023-06-13 |
1770 | CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO | Stored XSS, Account takeover | Apache | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-03-02 | 2023-06-13 |
1759 | Circumventing Browser Security Mechanisms For SSRF | SSRF, XSS | NA | HTTPVoid (@httpvoid0x2f) | Bug Bounty | 2022-03-08 | 2023-06-13 |
1743 | XSS through base64 encoded JSON | XSS | NA | Aman Pareek (@aman_notsogreat) | Bug Bounty | 2022-03-12 | 2023-06-13 |
1742 | A Tale of Open Redirection to Stored XSS | Stored XSS, Open redirect | NA | Tushar Sharma (@tusharSharma_0) | Bug Bounty | 2022-03-12 | 2023-06-13 |
1732 | My First Bug on VDP & BBP - Bug Bounty | Stored XSS | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-03-15 | 2023-06-13 |
1729 | How I managed to trigger XSS automatically to get critical account takeover | Stored XSS | NA | c4rrilat0r (@c4rrilat0r) | Bug Bounty | 2022-03-15 | 2023-06-13 |
1725 | How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? | XSS | NA | akshal(tojojo) | Bug Bounty | 2022-03-16 | 2023-06-13 |
1723 | From XSS to RCE (dompdf 0day) | XSS, RCE | NA | Positive Security (@positive_sec) | Bug Bounty | 2022-03-16 | 2023-06-13 |
1698 | Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044) | XSS, Arbitrary file read, Authentication bypass, OS command injection, RCE | Netgear | stypr (@stereotype32) | Bug Bounty | 2022-03-25 | 2023-06-13 |
1693 | Stealing cookies from subdomain leads to takeover user accounts at redacted.com | Account takeover, XSS | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-27 | 2023-06-13 |
1692 | How I was able to rick roll every users on root-me.org | XSS | Root-Me | Mizu (@kevin_mizu) | Bug Bounty | 2022-03-27 | 2023-06-13 |
1681 | Got Access To Dota 2 Admin Panel By Exploiting In-game Feature | XSS | Valve | Abdillah Muhamad (@abdilahrf) | Bug Bounty | 2022-03-31 | 2023-06-13 |
1676 | Small bugs are more dangerous than you think | Self-XSS, Stored XSS, Open redirect, CSRF | NA | Liv Matan (@terminatorLM) | Bug Bounty | 2022-04-01 | 2023-06-13 |
1672 | Multiple Times I Hacked Duke University With RXSS Vulnerability!!! | Reflected XSS | Duke University | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-02 | 2023-06-13 |
1665 | Hacked Nokia With Reflected Cross-site Scripting Vulnerability…. | Reflected XSS | Nokia | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-04 | 2023-06-13 |
1651 | SSRF and Account Takeover via XSS in ERPNext (0-day) | SSRF, XSS, Account takeover | ERPNext | huli (@aszx87410) | Bug Bounty | 2022-04-06 | 2023-06-13 |
1644 | XSS | HTML Injection and File Upload Bypass in HUAWEI Subdomain | XSS, HTML injection | Huawei | Ahmed Hassan | Bug Bounty | 2022-04-10 | 2023-06-13 |
1636 | XSS - The LocalStorage Robbery | XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-04-12 | 2023-06-13 |
1612 | Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT Marketplace | XSS | Rarible | Palisade (@PalisadeLLC) | Bug Bounty | 2022-04-18 | 2023-06-13 |
1611 | Adobe Acrobat hollowing out same-origin policy | XSS, SOP bypass, Open redirect, postMessage | Adobe | Wladimir Palant (@WPalant) | Bug Bounty | 2022-04-19 | 2023-06-13 |