Elastic


Most disclosed (1 disclosure) — Cross-site Scripting (XSS) - DOM

superman85 has disclosed the most with 2 reports!

4 total issues disclosed

$19,000 total paid publicly


Launched on 2021-08-10

Accepts reports via HackerOne



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Prototype Pollution leads to XSS on https://blog.swiftype.com/#__proto__[asd]=alert(document.domain) | Cross-site Scripting (XSS) - DOM | s1r1u5 | High | 2021-08-16 |
| Improper authorization on `/api/as/v1/credentials/` for Dev Role User with Limited Engine Access | Improper Access Control - Generic | superman85 | High | 2021-08-03 |
| [Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>` | Cross-site Scripting (XSS) - Stored | superman85 | High | 2021-08-03 |
| RCE hazard in reporting (via Chromium) | Privilege Escalation | alexbrasetvik | Critical | 2021-05-26 |