CS Money


14 total issues disclosed

$3,700 total paid publicly


Most disclosed (3 disclosures) — None supplied

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Blind XSS on image upload Cross-site Scripting (XSS) - Stored gatolouco High 2020-12-26
Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglyfied which makes it clearly readable User Interface (UI) Misrepresentation of Critical Information rootishere Low 2020-11-12
Pixel Flood Attack leads to Application level DoS Denial of Service mr_vrush Low 2020-11-05
Site-wide CSRF on Safari due to CORS misconfiguration (not localhost) Cross-Site Request Forgery (CSRF) nnez Medium 2020-10-27
ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection) Denial of Service mvm Medium 2020-10-27
Manipulate Uneditable Messages in Support Business Logic Errors ahmd_halabi High 2020-10-27
Improper authentication in the load sell inventory page Improper Authentication - Generic niggy No rating 2020-10-08
Server-side denial of service via large payload sent to wiki.cs.money/graphql Denial of Service michael7854 Medium 2020-10-05
Application DOS via specially crafted payload on 3d.cs.money None supplied enigmaticjohn Medium 2020-10-01
[cs.money] Open Redirect Leads to Account Takeover Improper Authentication - Generic abdilahrf_ Medium 2020-09-30
IDOR in https://3d.cs.money/ Insecure Direct Object Reference (IDOR) khoabda1 Medium 2020-09-28
Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription None supplied khoabda1 Medium 2020-09-28
Bypass Filter on link of build None supplied khoabda1 Low 2020-09-28
Internal Path Disclosure File and Directory Information Exposure mr_vrush Low 2020-09-11