8x8


26 total issues disclosed

$0 total paid publicly


Most disclosed (5 disclosures) — Information Disclosure

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Exposed kubernetes dashboard None supplied bugkill3r Medium 2021-12-09
[jitsi-meet] Authentication Bypass when using JWT w/ public keys Improper Authentication - Generic plokta Medium 2021-11-20
Authentication Bypass & ApacheTomcat Misconfiguration in [██] Improper Authentication - Generic thecyberguy0 Medium 2021-11-04
Exposed PHP dependencies at ██.8x8.com Information Disclosure ian Low 2021-10-27
DNS Misconfiguration (Subdomain Takeover) - █████████.8x8.com Privilege Escalation melbadry9 Medium 2021-07-30
Subdomain takeover of ███.wavecell.com Privilege Escalation ian High 2021-05-02
Open Redirect on [blog.wavecell.com] Open Redirect melbadry9 Low 2020-10-26
2FA Disable With Wrong Password - Response Tampering. Improper Input Validation the_predator High 2020-10-21
DOM Based XSS at docs.8x8.com Cross-site Scripting (XSS) - DOM wh0ru Medium 2020-09-22
Default Creds Spring Boot Admin Information Disclosure testingforbugs High 2020-08-14
Send Phishing/Spam email from [email protected] to any email address. Improper Input Validation wisp High 2020-08-06
SQL injection (stacked queries) in the export to Excel functionality on Vidyo Server SQL Injection b1ackgamba High 2020-07-29
IDOR: Adding Contacts to Other User Groups Insecure Direct Object Reference (IDOR) ameyanekar Low 2020-07-27
Stored Cross Site Scripting. Cross-site Scripting (XSS) - Stored shakhawatpr99 High 2020-07-21
Cross-site Scripting (XSS) - Reflected Cross-site Scripting (XSS) - Reflected hein_thant High 2020-07-07
Stored XSS on Company Logo Cleartext Storage of Sensitive Information bugify12334 Medium 2020-07-07
PHPinfo page on http://█████.callstats.io Information Disclosure manantch Low 2020-07-03
CRLF injection agentcrm.8x8.com CRLF Injection w2w Medium 2020-06-26
Hardcoded credentials in Android App Information Disclosure madrobot High 2020-06-22
Post based XSS (Cross site scripting) on https://apimgr.8x8.com Cross-site Scripting (XSS) - Generic madrobot Medium 2020-06-22
Blind Command Injection #1 Command Injection - Generic bugify12334 High 2020-06-22
Publicly accessible .svn repository - aastraconf.packet8.net Information Disclosure madrobot Medium 2020-06-22
Directory listing of https://get8x8.com/ None supplied whitehatmat Low 2020-06-09
Xss (cross site scripting) on http://axa.dxi.eu/ Cross-site Scripting (XSS) - Reflected madrobot Medium 2020-06-09
[CRITICAL] Remote code execution on http://axa.dxi.eu Code Injection madrobot Critical 2020-06-09
Reflected xss on 8x8.com subdomain Cross-site Scripting (XSS) - Reflected everybodyhurts Medium 2020-02-12