Cloudflare Public Bug Bounty Program Statistics
29 total issues disclosed
$0 total paid publicly
Most disclosed (7 disclosures) — Cross-site Scripting (XSS) - Generic
Disclosed Reports
Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
---|---|---|---|---|
DOM XSS on 1.1.1.1(one.one.one.one) | Cross-site Scripting (XSS) - DOM | cujanovic | Medium | 2018-10-17 |
Remote file inclusion using "/cdn-cgi/pe/bag2?r[]=" | Remote File Inclusion | grampae | Critical | 2018-08-15 |
Private API key leakage due to lack of access control | Improper Access Control - Generic | yox | High | 2018-08-08 |
Potential XSS vulnerability to HTML minification | Cross-site Scripting (XSS) - Generic | filedescriptor | No rating | 2018-04-17 |
// (double slash) inside es6 template literals interpreted as an inline comment by the auto-minifier | Code Injection | veggie | Medium | 2018-03-17 |
SSRF | Server-Side Request Forgery (SSRF) | linkks | Critical | 2018-02-25 |
Cloudflare does not sufficiently truncate credit card numbers in invoices | Missing Encryption of Sensitive Data | webster | No rating | 2018-01-12 |
Cloudflare based XSS for IE11 | None supplied | reactors08 | Medium | 2017-05-04 |
[http2.cloudflare.com] Open Redirect | Open Redirect | bobrov | Low | 2017-03-24 |
Reflected XSS on partners.cloudflare.com | Cross-site Scripting (XSS) - Generic | albinowax | No rating | 2016-10-26 |
CSRF in Cloudflare login | Cross-Site Request Forgery (CSRF) | melvin | No rating | 2016-10-07 |
Bug Report | None supplied | thalaivarsubu | No rating | 2016-06-16 |
Clickjacking : https://partners.cloudflare.com/ | UI Redressing (Clickjacking) | xsserboiii | No rating | 2016-03-06 |
Threat control information leak | Cross-Site Request Forgery (CSRF) | bitquark | No rating | 2015-06-20 |
User's data leak | None supplied | sergeybelove | No rating | 2014-09-28 |
User can request for password reset link without giving his website, eventhough he have it | Violation of Secure Design Principles | born2hack | No rating | 2014-09-19 |
Apache mod_negotiation filename bruteforcing | Cryptographic Issues - Generic | jpsecurityresearch | No rating | 2014-09-19 |
System Status Update CSRF | Cross-Site Request Forgery (CSRF) | chandrakant | No rating | 2014-09-10 |
csrf on password change functionality | Cross-Site Request Forgery (CSRF) | robincool03111 | No rating | 2014-09-07 |
http://cdnjs.cloudflare.com/ Cross-site scripting 2 | Cross-site Scripting (XSS) - Generic | smiegles | No rating | 2014-08-08 |
jplayer.swf Cross-site scripting | Cross-site Scripting (XSS) - Generic | smiegles | No rating | 2014-08-08 |
Flash-based XSS in cdnjs.cloudflare.com subdomain | Cross-site Scripting (XSS) - Generic | prakharprasad | No rating | 2014-07-17 |
CSRF and No password requirement in this URL Billing Info | Cross-site Scripting (XSS) - Generic | shahmeer-amir | No rating | 2014-07-08 |
Content spoofing /CSRF at https://www.cloudflare.com/ajax/modal-dialog.html | Violation of Secure Design Principles | internetwache | No rating | 2014-07-08 |
Password reset threshold not set | Violation of Secure Design Principles | shahmeer-amir | No rating | 2014-07-08 |
Cookie missing the Secure flag | None supplied | 0xsaikiran | No rating | 2014-05-22 |
XSS - http://js.cloudflare.com | Cross-site Scripting (XSS) - Generic | dekeeu | No rating | 2014-05-22 |
Apache Multiviews are enabled | Denial of Service | shahmeer-amir | No rating | 2014-05-22 |
Security issue with your "bag" script | None supplied | peterjaric | No rating | 2014-05-07 |