Linktree Program Statistics


View program

6 total issues disclosed

$1,200 total paid publicly

Most disclosed (2 disclosures) — Cross-site Scripting (XSS) - Stored



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
[song.link] Open Redirect Open Redirect 0xshdax Low 2023-01-23
Account takeover - improper validation of jwt signature (with regards to experiation date claim) Improper Authorization twelvesix High 2022-12-26
XSS in linktr.ee - on link thumbnail adding Cross-site Scripting (XSS) - Stored jagata Medium 2022-12-06
XSS in SocialIcon Link Cross-site Scripting (XSS) - Stored sudi High 2022-10-31
A malicious admin can be able to permanently disable a Owner(Admin) to access his account Insecure Direct Object Reference (IDOR) dewcode91 Medium 2022-10-25
No validation to Image upload user can upload ( php APK zip files and can be used as storage purpose) Unrestricted Upload of File with Dangerous Type bug_vs_me Medium 2022-09-15