Airbnb


reports in last 90 days

6

disclosed resolved issues

3

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Bug Title Bug Type Found By Report Info Report Status

Low [m.airbnb.com] CRLF Injection

HTTP Response Splitting bobrov Time to triage: 16 Days and 23 hours


Time to close: 7 Days and 4 hours
Resolved

Medium [airbnb.com] XSS via Cookie flash

Cross-site Scripting (XSS) - Generic bobrov Issue was not triaged


Time to close: 3 Days and 0 hours
Duplicate

No rating Call back number not verified

Business Logic Errors al7311 Issue was not triaged


Time to close: 22 Days and 3 hours
Informative

Medium Nginx Version Disclosure

Information Disclosure lulliii Issue was not triaged


Time to close: 1 Days and 23 hours
Informative

No rating ████ discloses valid Airbnb SSO login names via Google Search Results

Information Disclosure aesteral Time to triage: 6 Days and 4 hours


Time to close: 13 Days and 18 hours
Resolved

No rating authenticity_token is not random across page loads

Cross-Site Request Forgery (CSRF) alokmenghrajani Issue was not triaged


Time to close: 28 Days and 0 hours
Resolved

No rating I Can Delete Any Airbnb Users Symbol!

Improper Authentication - Generic faisalahmed Time to triage: 0 Days and 13 hours


Time to close: 96 Days and 5 hours
Resolved

No rating Vulnerability type xss uncovered in airbnb.es

Cross-site Scripting (XSS) - Generic hykatza Time to triage: 3 Days and 1 hours


Time to close: 3 Days and 6 hours
Resolved

No rating SSL Issues

Cryptographic Issues - Generic ruisilva Time to triage: 6 Days and 1 hours


Time to close: 6 Days and 2 hours
Resolved

No rating Generating Unlimited Free Travel Gift Invites | IDOR

Information Disclosure shamrocksu88 Issue was not triaged


Time to close: 0 Days and 1 hours
Informative