Localtapiola

reports in last 90 days
100 disclosed resolved issues
1 disclosed informative issue
0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Severity | Bug Title | Bug Type | Found By | Time to triage | Time to close | Report Status
--- | --- | --- | --- | --- | --- | ---
High | Reflected XSS of bbe-child-starter theme via "value" GET parameter | Cross-site Scripting (XSS) - Reflected | chihuahua | 0 days 1 hour | 16 days 4 hours | Resolved
No rating | WordPress username enumeration (/author) | Information Disclosure | linkks | 30 days 1 hour | 122 days 10 hours | Resolved
Medium | F5 BIG-IP backend cookie disclosure | Information Disclosure | lovepakistan | Issue was not triaged | 50 days 12 hours | Resolved
No rating | User information disclosure via the REST API (/?_method=GET) | Information Disclosure | lovepakistan | 32 days 9 hours | 18 days 15 hours | Resolved
Medium | WordPress users disclosure (/wp-json/wp/v2/users/) | Information Disclosure | rootnepal | 19 days 12 hours | 47 days 4 hours | Resolved
High | Sitemap causing strain on the Lahitapiola.fi server | Denial of Service | ozzyoz | 116 days 11 hours | 0 days 0 hours | Resolved
Medium | F5 BIG-IP cookie remote information disclosure | Information Disclosure | petruknisme | 43 days 1 hour | 41 days 20 hours | Resolved
Critical | User able to access company details in yrityspalvelu without proper permissions | Improper Authentication - Generic | billy_blaze | 212 days 2 hours | 249 days 11 hours | Resolved
Medium | Reflected XSS (myynti.lahitapiolarahoitus.fi) | Cross-site Scripting (XSS) - Reflected | yasar | 0 days 0 hours | 99 days 15 hours | Resolved
Medium | Disclosure of user information via the WordPress API (?rest_route) | Information Disclosure | victorrocha | 18 days 9 hours | 23 days 23 hours | Resolved
Medium | User information disclosure via JSON response | Information Disclosure | d3ad1y_b0073r | 16 days 22 hours | 23 days 23 hours | Resolved
Low | Internal IP address disclosure at https://www.lahitapiolarahoitus.fi/wp-json/wp/v2/pages | Information Disclosure | sinusoidal | Issue was not triaged | 33 days 12 hours | Resolved
High | Authorization issue on 'valtakirjat' (/e2/verkkopalvelu/) | Insecure Direct Object Reference (IDOR) | muon4 | 7 days 17 hours | 87 days 21 hours | Resolved
High | DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation | Denial of Service | exadmin | Issue was not triaged | 18 days 10 hours | Resolved
High | RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi) | OS Command Injection | yonm13 | 0 days 15 hours | 45 days 14 hours | Resolved
High | Reflected XSS on bbe_open_htmleditor_popup.php of the BBE theme via "value" GET parameter | Cross-site Scripting (XSS) - Reflected | putsi | 0 days 0 hours | 14 days 5 hours | Resolved
Medium | Malicious file upload (secure.lahitapiola.fi) | Violation of Secure Design Principles | muon4 | 1 day 22 hours | 40 days 22 hours | Resolved
Medium | CSRF possible when an SOP bypass/UXSS is available | Violation of Secure Design Principles | bugdiscloseguys | 58 days 10 hours | 357 days 0 hours | Resolved
Medium | Reflected XSS vulnerability in https://www.lahitapiola.fi/cs/Satellite | Cross-site Scripting (XSS) - Reflected | teemuk | 42 days 21 hours | 14 days 18 hours | Resolved
Medium | Exposed authentication (/cs/Satellite) | Brute Force | curiositysec | 6 days 0 hours | 117 days 0 hours | Resolved
Medium | A parameter in the POST request controls the size of the returned page, which can lead to a potential DoS attack | Denial of Service | tan_stream | 52 days 18 hours | 39 days 3 hours | Resolved
High | Flash-based XSS on mediaelement-flash-audio-ogg.swf of www.lahitapiolarahoitus.fi | Cross-site Scripting (XSS) - Reflected | putsi | Issue was not triaged | 1 day 19 hours | Resolved
Medium | xmlrpc.php is enabled; it can be used for brute-force attacks and denial of service | Denial of Service | jacksonkv67 | 2 days 17 hours | 10 days 10 hours | Resolved
Medium | Single-user DoS via the selectedLanuage cookie (verkkopalvelu.tapiola.fi) | Denial of Service | mr_edwards | Issue was not triaged | 384 days 23 hours | Resolved
Low | Test page with server details available at /r/test (viestinta.lahitapiola.fi) | Information Disclosure | yonm13 | 21 days 11 hours | 2 days 17 hours | Resolved
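Two of the reports listed above (lovepakistan's and petruknisme's) are F5 BIG-IP persistence cookie disclosures. The report bodies are not reproduced on this page; what follows is an added example, not code from the program, from HackerOne or from any reporter, showing how the three cleartext encodings of the BIGipServer cookie value documented by F5 (plain IPv4, route-domain "rd…o…o…", and IPv6 "vi…") decode to a backend address and port. The cookie values in the sample headers are constructed from the documented format, not captured from any host. A tester can use this to confirm the finding; a defender can use it to verify that the fix (cookie encryption) actually removed the cleartext form.

```python
import ipaddress
import re
import struct

# Added example: decoder for the cleartext BIGipServer<pool> persistence
# cookie encodings documented by F5. Sample values below are constructed.

_IPV4 = re.compile(r"^(\d+)\.(\d+)\.0000$")             # <ip_le32>.<port_le16>.0000
_RD = re.compile(r"^rd(\d+)o([0-9a-fA-F]{32})o(\d+)$")  # rd<rd>o<ipv6hex>o<port>
_VI = re.compile(r"^vi([0-9a-fA-F]{32})\.(\d+)$")       # vi<ipv6hex>.<port_le16>


def _decode_le_port(encoded: int) -> int:
    # The port is stored as a 16-bit integer with its two bytes swapped.
    return struct.unpack("<H", struct.pack(">H", encoded))[0]


def decode_f5_cookie(value: str):
    """Return (route_domain, ip, port) for a cleartext BIGipServer cookie value.

    route_domain is None for the two default encodings. Raises ValueError
    when the value matches none of the known cleartext formats, which is
    what an encrypted cookie (the usual fix for this finding) looks like.
    """
    m = _IPV4.match(value)
    if m:
        ip_int, port_enc = int(m.group(1)), int(m.group(2))
        # The IPv4 address is a little-endian 32-bit integer in decimal.
        ip = ipaddress.IPv4Address(struct.pack("<I", ip_int))
        return None, str(ip), _decode_le_port(port_enc)
    m = _RD.match(value)
    if m:
        rd, hexaddr, port = int(m.group(1)), m.group(2), int(m.group(3))
        addr = ipaddress.IPv6Address(bytes.fromhex(hexaddr))
        # An IPv4 pool member appears here as an IPv4-mapped IPv6 address.
        ip = addr.ipv4_mapped or addr
        return rd, str(ip), port
    m = _VI.match(value)
    if m:
        hexaddr, port_enc = m.group(1), int(m.group(2))
        ip = ipaddress.IPv6Address(bytes.fromhex(hexaddr))
        return None, str(ip), _decode_le_port(port_enc)
    raise ValueError("not a recognised cleartext BIG-IP persistence cookie")


def find_f5_cookies(set_cookie_headers):
    """Decode every BIGipServer* cookie in a list of Set-Cookie header values.

    Returns {cookie_name: (route_domain, ip, port)} and maps a cookie that
    does not decode (encrypted or unknown format) to None.
    """
    found = {}
    for header in set_cookie_headers:
        name, _, rest = header.partition("=")
        if not name.startswith("BIGipServer"):
            continue
        value = rest.split(";", 1)[0].strip()
        try:
            found[name] = decode_f5_cookie(value)
        except ValueError:
            found[name] = None
    return found


if __name__ == "__main__":
    # Constructed Set-Cookie values (assumed pool names), not real responses.
    headers = [
        "BIGipServerpool_web=1677787402.36895.0000; path=/",
        "BIGipServerpool_rd=rd5o00000000000000000000ffffc0000201o80; path=/",
        "BIGipServerpool_v6=vi20010112000000000000000000000030.20480; path=/",
        "BIGipServerpool_enc=!5kKUQ3kCwL4p6Dq+PbfI5xzE1; path=/",
        "sessionid=abc123; Secure; HttpOnly",
    ]
    for name, result in find_f5_cookies(headers).items():
        print(name, "->", result if result else "not cleartext (encrypted?)")
```

The first constructed value decodes to 10.1.1.100:8080, the route-domain form to 192.0.2.1:80 in route domain 5, and the IPv6 form to [2001:112::30]:80. When re-testing after a fix, the `None` result for the last cookie is the outcome you want: the value no longer decodes, so the backend address is no longer exposed.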
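Several reports above are WordPress user-enumeration and resource-abuse probes: the /author archive, /wp-json/wp/v2/users, the ?rest_route= form of the same endpoint, xmlrpc.php brute force, and the CVE-2018-6389 load-scripts.php DoS. As an added example (not taken from any report, and not the program's own tooling), here is detection logic for those request patterns, run over constructed access-log lines in combined log format. The rule names, the load[] module threshold and the sample lines are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Added example: flag WordPress recon/abuse requests in access logs.
# Log lines, rule names and the load[] threshold are constructed assumptions.

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation addresses; not real traffic).
SAMPLE_LINES = [
    '198.51.100.7 - - [15/Oct/2019:10:00:01 +0300] "GET /wp-json/wp/v2/users/ HTTP/1.1" 200 812 "-" "curl/7.64.1"',
    '198.51.100.7 - - [15/Oct/2019:10:00:02 +0300] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 812 "-" "curl/7.64.1"',
    '198.51.100.7 - - [15/Oct/2019:10:00:03 +0300] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.64.1"',
    '203.0.113.9 - - [15/Oct/2019:10:01:00 +0300] "POST /xmlrpc.php HTTP/1.1" 200 410 "-" "python-requests/2.22"',
    '203.0.113.9 - - [15/Oct/2019:10:01:05 +0300] "GET /wp-admin/load-scripts.php?c=1&load[]='
    + ",".join(f"mod{i}" for i in range(25))
    + '&ver=5.2 HTTP/1.1" 200 98210 "-" "python-requests/2.22"',
    '192.0.2.44 - - [15/Oct/2019:10:02:00 +0300] "GET /wp-content/themes/site/style.css HTTP/1.1" 200 5120 "https://example.test/" "Mozilla/5.0"',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)
    rec["status"] = int(rec["status"])
    return rec


def classify(rec, load_threshold=20):
    """Return the rule names matched by one parsed request."""
    hits = []
    path, q = rec["path"].lower(), rec["query"]
    # User listing via the REST API, in both URL styles seen in the reports.
    rest_routes = [r.lower() for r in q.get("rest_route", [])]
    if path.startswith("/wp-json/wp/v2/users") or any(r.startswith("/wp/v2/users") for r in rest_routes):
        hits.append("wp-rest-user-listing")
    # Username enumeration: /?author=N redirects to /author/<login>/.
    if "author" in q or path.startswith("/author/"):
        hits.append("wp-author-enumeration")
    # xmlrpc.php POSTs carry system.multicall brute force and pingback abuse.
    if path.endswith("/xmlrpc.php") and rec["method"] == "POST":
        hits.append("wp-xmlrpc-post")
    # CVE-2018-6389: load-scripts.php asked for an unusually long list of modules.
    modules = sum(len(v.split(",")) for v in q.get("load[]", []))
    if path.endswith("/wp-admin/load-scripts.php") and modules >= load_threshold:
        hits.append("wp-load-scripts-dos")
    return hits


def scan(lines):
    """Return [(line_number, source_ip, rule)] for every matching request."""
    alerts = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        for rule in classify(rec):
            alerts.append((n, rec["ip"], rule))
    return alerts


def by_source(alerts):
    """Count alerts per source IP, the view an analyst actually pivots on."""
    counts = {}
    for _, ip, _ in alerts:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for n, ip, rule in scan(SAMPLE_LINES):
        print(f"line {n}: {ip} {rule}")
    print(by_source(scan(SAMPLE_LINES)))
```

Two of the constructed requests return 200 for user data and one is a 301 to the author archive; the detector deliberately does not key on status, because a WordPress site that has blocked the REST listing still reveals whether a user exists through the redirect. Tune `load_threshold` to the longest legitimate load[] list your theme actually issues before alerting on it.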