FetLife Program Statistics



10 total issues disclosed

$1,400 total paid publicly

Most disclosed (4 disclosures) — Information Disclosure



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Able to see location coordinates in any event without permission to do so | Information Disclosure | ezzra | Low | 2024-09-25 |
| Able to see highest poll result without voting or view result | Information Exposure Through Debug Information | deepblue29 | Low | 2023-11-15 |
| fetlife.com/signup_step_profile expose access_token of mapbox.com | Cleartext Transmission of Sensitive Information | deepblue29 | Medium | 2023-11-01 |
| Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites | None supplied | trieulieuf9 | Medium | 2022-03-09 |
| Able to detect if a user is FetLife supporter although this user hides their support badge in fetlife.com/conversations/{id} JSON response | Information Disclosure | trieulieuf9 | Medium | 2022-02-11 |
| Specific Payload makes a Users Posts unavailable | Uncontrolled Resource Consumption | castilho | Medium | 2022-01-26 |
| Able to access private picture/video/writing when requesting for their JSON response | Information Disclosure | trieulieuf9 | Medium | 2021-12-16 |
| Stored XSS via Angular Expression injection via Subject while starting conversation with other users. | Cross-site Scripting (XSS) - Stored | xploiterr | Medium | 2021-03-07 |
| Stored XSS via `Create a Fetish` section. | Cross-site Scripting (XSS) - Stored | xploiterr | Medium | 2021-02-25 |
| Google API key leaked to Public | Information Disclosure | bb89e4af088379499c73f7d | Low | 2021-01-23 |