Wepay


reports in last 90 days

20 disclosed resolved issues

3 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Low | Reflected XSS in the IE 11 / Edge (latest versions) on the stage-go.wepay.com | Cross-site Scripting (XSS) - Reflected | sp1d3rs | Issue was not triaged; Time to close: 18 Days and 23 hours | Resolved |
| Low | Active mixed content issues on the site https://stage-go.wepay.com. | Man-in-the-Middle | mobius07 | Time to triage: 7 Days and 11 hours; Time to close: 33 Days and 19 hours | Resolved |
| Low | [stage-go.wepay.com] XSS via Request URI | Cross-site Scripting (XSS) - Reflected | bobrov | Time to triage: 5 Days and 2 hours; Time to close: 118 Days and 1 hours | Resolved |
| Low | Reflected XSS in the IE 11 / Edge (latest versions) on the stage-go.wepay.com | Cross-site Scripting (XSS) - Reflected | sp1d3rs | Issue was not triaged; Time to close: 18 Days and 23 hours | Resolved |
| Low | open 80 port of internal host leaking some configuration info | Information Exposure Through Debug Information | ruvlol | Issue was not triaged; Time to close: 11 Days and 22 hours | Resolved |
| Medium | Enumeration of registered email addresses using bruteforce search on userIds | Information Disclosure | cablej | Time to triage: 9 Days and 19 hours; Time to close: 21 Days and 21 hours | Resolved |
| No rating | Invited users can modify and/or remove account owner | Privilege Escalation | eboda | Time to triage: 3 Days and 11 hours; Time to close: 29 Days and 17 hours | Resolved |
| No rating | Unauthenticated Stored XSS in API Panel | Cross-site Scripting (XSS) - Generic | krankopwnz | Time to triage: 1 Days and 7 hours; Time to close: 36 Days and 23 hours | Resolved |
| No rating | 2-step Verification bypass | Improper Authentication - Generic | sl1m | Time to triage: 4 Days and 1 hours; Time to close: 61 Days and 23 hours | Resolved |
| No rating | Subdomain Takeover in http://staging.wepay.com/ pointing to Fastly | Privilege Escalation | harry_mg | Issue was not triaged; Time to close: 0 Days and 8 hours | Resolved |
| No rating | Critical : Account removing using CSRF attack | Cross-Site Request Forgery (CSRF) | yassineaboukir | Time to triage: 1 Days and 2 hours; Time to close: 38 Days and 23 hours | Resolved |
| No rating | Unauthorized Access via Join Email Link | Violation of Secure Design Principles | anshuman_bh | Time to triage: 18 Days and 12 hours; Time to close: 304 Days and 1 hours | Resolved |
| No rating | Horizontal Privilege Escalation | Privilege Escalation | esamhacks | Time to triage: 7 Days and 0 hours; Time to close: 7 Days and 1 hours | Resolved |
| No rating | Broken Authentication – Session Token bug | UI Redressing (Clickjacking) | ruisilva | Issue was not triaged; Time to close: 10 Days and 20 hours | Informative |
| No rating | Session fixation in wepay.com | Violation of Secure Design Principles | shahmeer-amir | Time to triage: 52 Days and 5 hours; Time to close: 41 Days and 19 hours | Resolved |
| No rating | Session Fixation | None supplied | anshuman_bh | Time to triage: 25 Days and 17 hours; Time to close: 59 Days and 21 hours | Resolved |
| No rating | CSRF (Make email primary) may lead to account compromise | Cross-Site Request Forgery (CSRF) | coolboss | Issue was not triaged; Time to close: 0 Days and 1 hours | Resolved |
| No rating | Sensitive settings need Re authentication | Improper Authentication - Generic | eronx | Time to triage: 13 Days and 14 hours; Time to close: 49 Days and 6 hours | Informative |
| No rating | oauth redirect uri validation bug leads to open redirect and account compromise | Open Redirect | mrrm | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative |
| No rating | Typical form vulnerable to csrf attack | Cross-Site Request Forgery (CSRF) | coolboss | Time to triage: 45 Days and 18 hours; Time to close: 31 Days and 23 hours | Resolved |
| No rating | CSRF on email address operations. Also performing unintended operations. | Cross-Site Request Forgery (CSRF) | anshuman_bh | Time to triage: 22 Days and 18 hours; Time to close: 17 Days and 5 hours | Resolved |
| No rating | CSRF & Nonce Token Weak Implementation | Cross-Site Request Forgery (CSRF) | eronx | Time to triage: 0 Days and 0 hours; Time to close: 6 Days and 15 hours | Resolved |
| No rating | Open Redirect | Open Redirect | eronx | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 12 hours | Resolved |