Adobe Bug Bounty Program Statistics

Adobe Program Statistics

24 total issues disclosed

$0 total paid publicly

Most disclosed (6 disclosures) — Cross-site Scripting (XSS) - DOM

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
Disclosure of git metadata and springboot actuator information	Information Disclosure	jf0x0r	Low	2025-04-07
Registration Information Leakage	Improper Access Control - Generic	titanrain	Medium	2025-01-29
Unauthenticated Varnish Cache Purge	Misconfiguration	0xhuntress	Low	2024-09-12
Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection.adobe.com	Cross-site Scripting (XSS) - Reflected	renzi	Low	2024-05-02
Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com	Cross-site Scripting (XSS) - Reflected	renzi	Low	2024-04-22
DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI	Cross-site Scripting (XSS) - DOM	dreamer_eh	Medium	2023-01-24
DOM XSS at `https://adobedocs.github.io/indesign-api-docs/?configUrl={site}` due to outdated Swagger UI	Cross-site Scripting (XSS) - DOM	dreamer_eh	Medium	2023-01-19
HTML INJECTION on https://adobedocs.github.io/JourneyAPI/ due to outdated SWAGGER UI	Cross-site Scripting (XSS) - DOM	dreamer_eh	Medium	2023-01-17
HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI	Cross-site Scripting (XSS) - DOM	dreamer_eh	Low	2022-10-28
Reflected Cross site scripting via Swagger UI	Cross-site Scripting (XSS) - Reflected	webcipher101	Medium	2022-10-25
DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation	Uncontrolled Resource Consumption	shirshak	Medium	2022-10-13
Main Domain Takeover at https://www.marketo.net/	Privilege Escalation	gdattacker	Critical	2022-09-26
API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone	Cleartext Storage of Sensitive Information	aneeeketh	Low	2022-09-01
Able to bypass the fix on DOM XSS at [www.adobe.com]	Cross-site Scripting (XSS) - DOM	saajanbhujel	Medium	2022-05-31
DOM XSS on www.adobe.com	Cross-site Scripting (XSS) - DOM	saajanbhujel	Medium	2022-05-31
Log4j Java RCE in [beta.dev.adobeconnect.com]	Code Injection	sheikhrishad0	Critical	2022-03-21
AEM forms XXE Vulnerability	XML External Entities (XXE)	ismailmuh	Critical	2022-01-13
Disclosure of github access token in config file via nignx off-by-slash	Path Traversal	letm3through	Critical	2022-01-13
Parameter tampering can result in product price manipulation	None supplied	khalidamin	High	2017-06-14
Adobe XSS	Cross-site Scripting (XSS) - Generic	dsopas	No rating	2016-10-18
Reflected XSS via. search	Cross-site Scripting (XSS) - Generic	skansing	No rating	2016-04-13
Open redirect and reflected xss in http://youthvoices.adobe.com/community?return_url=[payload her]	Cross-site Scripting (XSS) - Generic	nijagaw	No rating	2015-05-20
Reflected Cross Site Scripting - 'puser' Parameter in login page	Cross-site Scripting (XSS) - Generic	vagg-a-bond	No rating	2015-05-09
files.acrobat.com stored XSS via send file	Cross-site Scripting (XSS) - Generic	reactors08	No rating	2015-04-15

You are viewing our old website

BugBountyHunter

Adobe Program Statistics

Disclosed Reports