Moneybird


reports in last 90 days

18 disclosed resolved issues

0 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Rating | Bug Title | Bug Type | Found By | Report Info | Report Status |
| --- | --- | --- | --- | --- | --- |
| Medium | Open Redirection while saving User account Settings | Open Redirect | prial261 | Time to triage: 0 Days and 14 hours; Time to close: 6 Days and 1 hours | Resolved |
| Low | Moneybird customers invoices leak in cacheable urls | None supplied | bogdantcaciuc | Time to triage: 10 Days and 13 hours; Time to close: 0 Days and 0 hours | Resolved |
| Medium | Stored XSS at Moneybird | Cross-site Scripting (XSS) - Stored | geeklegend | Time to triage: 5 Days and 10 hours; Time to close: 1 Days and 0 hours | Resolved |
| No rating | Webhook allows sending payload using insecure HTTP protocol | Cryptographic Issues - Generic | mattweidner | Time to triage: 3 Days and 18 hours; Time to close: 291 Days and 7 hours | Resolved |
| No rating | Stored XSS thru SVG upload | Cross-site Scripting (XSS) - Generic | 4lemon | Time to triage: 1 Days and 0 hours; Time to close: 33 Days and 1 hours | Resolved |
| No rating | XXE issue | Command Injection - Generic | 4lemon | Time to triage: 0 Days and 23 hours; Time to close: 34 Days and 0 hours | Resolved |
| Low | Stored Cross Site Scripting in Customer Name | Cross-site Scripting (XSS) - Generic | yaworsk | Time to triage: 8 Days and 23 hours; Time to close: 0 Days and 2 hours | Resolved |
| No rating | Content Spoofing In Moneybird | Violation of Secure Design Principles | a5tronaut | Time to triage: 2 Days and 23 hours; Time to close: 15 Days and 22 hours | Resolved |
| No rating | Logging out any user | Violation of Secure Design Principles | japz | Time to triage: 6 Days and 23 hours; Time to close: 52 Days and 4 hours | Resolved |
| No rating | [Stored Cross-Site-Scripting] When search about Incoming ( Manual Jurnal ) | Cross-site Scripting (XSS) - Generic | bogdantcaciuc | Time to triage: 0 Days and 18 hours; Time to close: 6 Days and 21 hours | Resolved |
| No rating | Open Redirect vulnerability in moneybird.com | Open Redirect | a5tronaut | Time to triage: 0 Days and 8 hours; Time to close: 13 Days and 16 hours | Resolved |
| No rating | [STORED XSS] in debtor reports of ,,invoices'' | Cross-site Scripting (XSS) - Generic | bogdantcaciuc | Time to triage: 9 Days and 20 hours; Time to close: 0 Days and 0 hours | Resolved |
| No rating | information disclose | Information Disclosure | dotnick | Time to triage: 0 Days and 6 hours; Time to close: 6 Days and 14 hours | Resolved |
| No rating | Employees with Any Permissions Can Create App with Full Permissions and Perform any API Action | Improper Authentication - Generic | yaworsk | Time to triage: 6 Days and 16 hours; Time to close: 20 Days and 2 hours | Resolved |
| No rating | Malicious File Upload | Violation of Secure Design Principles | hackheaven | Time to triage: 0 Days and 3 hours; Time to close: 44 Days and 22 hours | Resolved |
| No rating | Stored XSS in Financial Account executing in Bank tab | Cross-site Scripting (XSS) - Generic | hackheaven123 | Time to triage: 0 Days and 2 hours; Time to close: 26 Days and 0 hours | Resolved |
| No rating | Reflected XSS in Backend search | Cross-site Scripting (XSS) - Generic | krankopwnz | Time to triage: 0 Days and 12 hours; Time to close: 5 Days and 5 hours | Resolved |
| No rating | CSV Injection with the CSV export feature | Command Injection - Generic | trabajoduro | Time to triage: 1 Days and 18 hours; Time to close: 27 Days and 2 hours | Resolved |