Cloudflare Public Bug Bounty Program Statistics

29 total issues disclosed

$0 total paid publicly

Most disclosed (7 disclosures) — Cross-site Scripting (XSS) - Generic

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| DOM XSS on | Cross-site Scripting (XSS) - DOM | cujanovic | Medium | 2018-10-17 |
| Remote file inclusion using "/cdn-cgi/pe/bag2?r[]=" | Remote File Inclusion | grampae | Critical | 2018-08-15 |
| Private API key leakage due to lack of access control | Improper Access Control - Generic | yox | High | 2018-08-08 |
| Potential XSS vulnerability to HTML minification | Cross-site Scripting (XSS) - Generic | filedescriptor | No rating | 2018-04-17 |
| // (double slash) inside es6 template literals interpreted as an inline comment by the auto-minifier | Code Injection | veggie | Medium | 2018-03-17 |
| SSRF | Server-Side Request Forgery (SSRF) | linkks | Critical | 2018-02-25 |
| Cloudflare does not sufficiently truncate credit card numbers in invoices | Missing Encryption of Sensitive Data | webster | No rating | 2018-01-12 |
| Cloudflare based XSS for IE11 | None supplied | reactors08 | Medium | 2017-05-04 |
| [] Open Redirect | Open Redirect | bobrov | Low | 2017-03-24 |
| Reflected XSS on | Cross-site Scripting (XSS) - Generic | albinowax | No rating | 2016-10-26 |
| CSRF in Cloudflare login | Cross-Site Request Forgery (CSRF) | melvin | No rating | 2016-10-07 |
| Bug Report | None supplied | thalaivarsubu | No rating | 2016-06-16 |
| Clickjacking : | UI Redressing (Clickjacking) | xsserboiii | No rating | 2016-03-06 |
| Threat control information leak | Cross-Site Request Forgery (CSRF) | bitquark | No rating | 2015-06-20 |
| User's data leak | None supplied | sergeybelove | No rating | 2014-09-28 |
| User can request for password reset link without giving his website, eventhough he have it | Violation of Secure Design Principles | born2hack | No rating | 2014-09-19 |
| Apache mod_negotiation filename bruteforcing | Cryptographic Issues - Generic | jpsecurityresearch | No rating | 2014-09-19 |
| System Status Update CSRF | Cross-Site Request Forgery (CSRF) | chandrakant | No rating | 2014-09-10 |
| csrf on password change functionality | Cross-Site Request Forgery (CSRF) | robincool03111 | No rating | 2014-09-07 |
| Cross-site scripting 2 | Cross-site Scripting (XSS) - Generic | smiegles | No rating | 2014-08-08 |
| jplayer.swf Cross-site scripting | Cross-site Scripting (XSS) - Generic | smiegles | No rating | 2014-08-08 |
| Flash-based XSS in subdomain | Cross-site Scripting (XSS) - Generic | prakharprasad | No rating | 2014-07-17 |
| CSRF and No password requirement in this URL Billing Info | Cross-site Scripting (XSS) - Generic | shahmeer-amir | No rating | 2014-07-08 |
| Content spoofing /CSRF at | Violation of Secure Design Principles | internetwache | No rating | 2014-07-08 |
| Password reset threshold not set | Violation of Secure Design Principles | shahmeer-amir | No rating | 2014-07-08 |
| Cookie missing the Secure flag | None supplied | 0xsaikiran | No rating | 2014-05-22 |
| XSS - | Cross-site Scripting (XSS) - Generic | dekeeu | No rating | 2014-05-22 |
| Apache Multiviews are enabled | Denial of Service | shahmeer-amir | No rating | 2014-05-22 |
| Security issue with your "bag" script | None supplied | peterjaric | No rating | 2014-05-07 |