Linktree Program Statistics
6 total issues disclosed
$1,200 total paid publicly
Most disclosed (2 disclosures) — Cross-site Scripting (XSS) - Stored
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| [song.link] Open Redirect | Open Redirect | 0xshdax | Low | 2023-01-23 |
| Account takeover - improper validation of jwt signature (with regards to experiation date claim) | Improper Authorization | twelvesix | High | 2022-12-26 |
| XSS in linktr.ee - on link thumbnail adding | Cross-site Scripting (XSS) - Stored | jagata | Medium | 2022-12-06 |
| XSS in SocialIcon Link | Cross-site Scripting (XSS) - Stored | sudi | High | 2022-10-31 |
| A malicious admin can be able to permanently disable a Owner(Admin) to access his account | Insecure Direct Object Reference (IDOR) | dewcode91 | Medium | 2022-10-25 |
| No validation to Image upload user can upload ( php APK zip files and can be used as storage purpose) | Unrestricted Upload of File with Dangerous Type | bug_vs_me | Medium | 2022-09-15 |
Getting started
Learn about vulnerability types
Getting started in bug bounties
Test your knowledge
Free Web Application Challenges
Guides for your hunts
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources
Disclosed HackerOne Reports
Our community
Endorsed Members
Hackevents
Member Articles