Liberapay

29 total issues disclosed
$50 total paid publicly
Most disclosed (6 disclosures) — Business Logic Errors


Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Leaking Of Sensitive Information on Github | Information Disclosure | harrisoft | Low | 2020-04-03 |
| Improper Data Validation / Unvalidated Input | Classic Buffer Overflow | cardangi | None | 2018-07-05 |
| No Data Validation, No Captcha, No Filters... | Business Logic Errors | cardangi | None | 2018-06-11 |
| Cross site scripting (content-sniffing) | Cross-site Scripting (XSS) - DOM | said778 | None | 2018-06-10 |
| Buffer overflow | Classic Buffer Overflow | kaushalag29 | None | 2018-06-10 |
| Punny code Detection Parsing should be implemented on Markdown | Business Logic Errors | kunal94 | None | 2018-06-07 |
| Returning back from the browser after logging off will disclose some information | Business Logic Errors | zir0x | No rating | 2018-06-07 |
| A single user can subscribe a community multiple times | Business Logic Errors | mks11nov | None | 2018-06-07 |
| Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings | Information Disclosure | kapytein | Medium | 2018-06-05 |
| Missing back-end user input validation can lead to DOS flaw | Business Logic Errors | zuh4n | No rating | 2018-06-05 |
| Csrf token does not meet security design | None supplied | wsfengfan474 | No rating | 2018-06-05 |
| REGISTRATION USING FAKE EMAIL ACCOUNT | Business Logic Errors | rootbakar | None | 2018-06-05 |
| Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution | Deserialization of Untrusted Data | kapytein | No rating | 2018-06-04 |
| CSRF token manipulation in every possible form submits. NO server side Validation | Cross-Site Request Forgery (CSRF) | mah1ndra | No rating | 2018-06-04 |
| csrf token did not changed after login/logout many times | Cross-Site Request Forgery (CSRF) | cryptographer | None | 2018-06-04 |
| Current CSP Policy chained with HTML Injection can lead to Data Exfiltration | Violation of Secure Design Principles | nthack | None | 2018-06-04 |
| Phishing by Navigating Browser Tabs | None supplied | 4w3 | None | 2018-06-04 |
| CSRF ON EDITING NAME (OPTIONAL) | Cross-Site Request Forgery (CSRF) | rootbakar | None | 2018-06-04 |
| Insecure Account Deletion | Improper Authentication - Generic | hack2684 | None | 2018-06-04 |
| The csrf token remains same after user logs in | Violation of Secure Design Principles | d4w | No rating | 2018-06-04 |
| Same CSRF token is being used for deleting other platform login’s within an account and across other liberapay Account’s | Cross-Site Request Forgery (CSRF) | mah1ndra | No rating | 2018-06-04 |
| Anyone can register organization legal type as "Soletrader" | Resource Injection | 4bg0p | None | 2018-06-03 |
| Liberapay Non Verified Account Takeover with signup feature | Improper Authentication - Generic | babayaga_ | None | 2018-06-03 |
| Unsecure changing password | None supplied | asdfasdfasdfasdfasdfsdfsdfsdf | None | 2018-06-02 |
| twitter api access token leaked on github | Cleartext Storage of Sensitive Information | sonahri_501 | None | 2018-06-02 |
| Authenticated reflected XSS on liberapay.com via the back_to parameter when leaving a team. | Cross-site Scripting (XSS) - Reflected | techguynoob | Low | 2018-06-02 |
| CSRF to make any user accept the invitation to the team | Cross-Site Request Forgery (CSRF) | albatraoz | None | 2018-06-02 |
| Origin IP found, Cloudflare bypassed | Improper Access Control - Generic | europa | Medium | 2018-06-02 |
| Able to View other users income history | Insecure Direct Object Reference (IDOR) | amaljacob | None | 2018-06-02 |