DuckDuckGo


13 total issues disclosed

$0 total paid publicly


Most disclosed (3 disclosures) — Cross-site Scripting (XSS) - DOM

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
com.duckduckgo.mobile.android - Cache corruption Business Logic Errors webklex Medium 2021-09-26
Reflected/Stored XSS on duckduckgo.com Cross-site Scripting (XSS) - Reflected monke High 2021-04-10
DOM XSS on duckduckgo.com search Cross-site Scripting (XSS) - DOM sijisu Medium 2020-08-20
XSS on Videos IA Cross-site Scripting (XSS) - Stored capuzsec Medium 2020-07-31
DOM XSS on duckduckgo.com search Cross-site Scripting (XSS) - Reflected cujanovic Medium 2020-06-26
DOM XSS on duckduckgo.com search None supplied cujanovic High 2020-06-14
Partial bypass of #483774 with Blind XXE on https://duckduckgo.com XML External Entities (XXE) mik317 High 2019-02-25
XXE on https://duckduckgo.com XML External Entities (XXE) mik317 Critical 2019-01-31
DOM XSS on 50x.html page on proxy.duckduckgo.com Cross-site Scripting (XSS) - DOM smither High 2018-11-07
SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS) None supplied cujanovic Critical 2018-10-31
DOM XSS on 50x.html page Cross-site Scripting (XSS) - DOM cujanovic High 2018-10-16
SSRF on duckduckgo.com/iu/ Server-Side Request Forgery (SSRF) d0nut High 2018-09-09
SSRF in proxy.duckduckgo.com via the image_host parameter Server-Side Request Forgery (SSRF) fpatrik High 2018-08-15