Evernote Bug Bounty Program Statistics | BugBountyHunter.com

You are viewing our old website

We are busy working on a brand new website and platform. All of the content on this website is considered out-dated, however challenges and our members section are working as before. Stay tuned for updates!

Evernote Program Statistics

10 total issues disclosed

$6,100 total paid publicly

Most disclosed (2 disclosures) — None supplied

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
Email Verification Bypass by bruteforcing when setting up 2FA	Improper Restriction of Authentication Attempts	cyberworlcload	Low	2022-05-22
Reflected XSS in the shared note view on https://evernote.com	Cross-site Scripting (XSS) - Reflected	sarka	Medium	2022-04-20
2 click Remote Code execution in Evernote Android	Path Traversal: '.../...//'	hulkvision_	High	2022-03-29
[34.96.80.155] Server Logs Disclosure lead to Information Leakage	Privilege Escalation	huntinex	Low	2021-12-09
Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion	Server-Side Request Forgery (SSRF)	neolexsecurity	Critical	2021-12-06
CSRF leads to account deactivation of users	None supplied	sampritdas	Medium	2021-10-19
Non-production Open Database In Combination With XXE Leads To SSRF	XML External Entities (XXE)	kaulse	Critical	2020-10-27
One Click Code Execution via File	Execution with Unnecessary Privileges	ajdumanhug	High	2020-03-24
One Click Code Execution via File	Execution with Unnecessary Privileges	ajdumanhug	High	2020-03-24
Wormable stored XSS in www.evernote.com	None supplied	jobert	High	2018-08-21