Yelp


reports in last 90 days
15 disclosed resolved issues
15 disclosed informative issues
3 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
| --- | --- | --- | --- | --- | --- |
| No rating | Bybass The Closing of the account and logged again to your account | Improper Authentication - Generic | cymy | Time to triage: 4 Days and 22 hours; Time to close: 5 Days and 0 hours | Resolved |
| Low | Nginx version disclosure via forbidden page | Information Disclosure | overlax | Issue was not triaged; Time to close: 0 Days and 1 hours | Informative |
| No rating | Clickjacking: X-Frame Header Missing | UI Redressing (Clickjacking) | vaxo | Issue was not triaged; Time to close: 13 Days and 1 hours | Informative |
| None | Nginx server version disclosure on engineeringblog | Information Disclosure | japz | Issue was not triaged; Time to close: 3 Days and 9 hours | Informative |
| Low | Possible content spoofing due to missing error page | Violation of Secure Design Principles | pisarenko | Issue was not triaged; Time to close: 0 Days and 6 hours | Informative |
| None | Error Page Text Injection | Violation of Secure Design Principles | r0h17 | Issue was not triaged; Time to close: 0 Days and 10 hours | Informative |
| No rating | [engineeringblog.yelp.com] CRLF Injection | None supplied | bobrov | Issue was not triaged; Time to close: 1 Days and 12 hours | Not-applicable |
| No rating | IDOR(indirect object references) on add friend,complement and send message | Violation of Secure Design Principles | w3b7ricks73r | Issue was not triaged; Time to close: 0 Days and 10 hours | Not-applicable |
| No rating | Ngnix Server version disclosure 404 Page! | Information Disclosure | babayaga_ | Issue was not triaged; Time to close: 0 Days and 8 hours | Informative |
| Low | Weak Password Policy | Violation of Secure Design Principles | k4yy1s | Issue was not triaged; Time to close: 0 Days and 7 hours | Informative |
| Medium | Click jacking in delete image of user in Yelp | UI Redressing (Clickjacking) | mohamedsherif | Issue was not triaged; Time to close: 1 Days and 18 hours | Duplicate |
| No rating | Missing X-Frame-Options header | UI Redressing (Clickjacking) | abdul_r3hman | Issue was not triaged; Time to close: 0 Days and 5 hours | Duplicate |
| Low | Content spoofing on yelp.onelogin | Open Redirect | japz | Issue was not triaged; Time to close: 1 Days and 20 hours | Informative |
| No rating | Yelp.com is vulnerable to SWEET32 attack | Cryptographic Issues - Generic | pkkothawade | Issue was not triaged; Time to close: 5 Days and 9 hours | Informative |
| High | Leaking sensitive information lead to compromise employer API keys | Insecure Storage of Sensitive Information | xsam | Time to triage: 0 Days and 23 hours; Time to close: 35 Days and 0 hours | Resolved |
| No rating | Password reset token not expiring | Improper Authentication - Generic | hk755a | Time to triage: 1 Days and 11 hours; Time to close: 8 Days and 4 hours | Resolved |
| No rating | IDNs displayed in unicode in messages/about/talk sections (Homograph Attack) | Violation of Secure Design Principles | hk755a | Time to triage: 0 Days and 3 hours; Time to close: 326 Days and 3 hours | Resolved |
| Low | ClickJacking in editing business name | UI Redressing (Clickjacking) | mohammad_obaid | Issue was not triaged; Time to close: 0 Days and 15 hours | Informative |
| Low | User can be fooled to Bookmark any restaurant by clickjacking | UI Redressing (Clickjacking) | na5ne3t | Issue was not triaged; Time to close: 1 Days and 12 hours | Informative |
| No rating | One of yelp.com url is redirecting to domain which is not yet purchased | Open Redirect | us111 | Issue was not triaged; Time to close: 2 Days and 16 hours | Informative |
| No rating | Research papers on yelp are getting indexed by google bots. | Information Disclosure | us111 | Issue was not triaged; Time to close: 2 Days and 15 hours | Not-applicable |
| None | [Yelp Blog] Backslash in search string causes JS error | Violation of Secure Design Principles | denispugachev | Issue was not triaged; Time to close: 1 Days and 2 hours | Informative |
| Low | Clickjacking @ Main Domain[www.yelp.com] | UI Redressing (Clickjacking) | h4ck3r0ne | Issue was not triaged; Time to close: 0 Days and 13 hours | Informative |
| None | ClickJacking | UI Redressing (Clickjacking) | jessepinkman | Issue was not triaged; Time to close: 0 Days and 10 hours | Duplicate |
| No rating | Verification of email addresses possible through https://www.yelp.com/signup/facebook | Information Disclosure | coder13 | Time to triage: 5 Days and 22 hours; Time to close: 132 Days and 0 hours | Resolved |