Maximum


29 total issues disclosed

$2,565 total paid publicly


Most disclosed (5 disclosures) — Cryptographic Issues - Generic

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
[mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation Denial of Service what_web Medium 2020-07-23
[mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation Denial of Service what_web Medium 2020-07-23
[www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. Denial of Service what_web Medium 2020-07-10
[www.werkenbijderet.nl] There is no rate limit for vacature-alert endpoints Improper Authentication - Generic what_web Medium 2020-07-10
[www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. Denial of Service what_web Medium 2020-07-10
[www.werkenbijbakertilly.nl] Information Disclosure Information Disclosure what_web Low 2020-06-30
I can subscribe and unsubscribe any user with the same token for as many times as i want Improper Access Control - Generic iam1here Medium 2020-04-21
x-request-id header reflected in server response without sanitization CRLF Injection zeop None 2020-02-22
Ability To Takeover any account by Emaill. Privilege Escalation 0xradi High 2019-07-10
Weak password Weak Cryptography for Passwords firestone No rating 2018-01-10
[werkenbijmcdonalds.nl] Unsafe-inline in "script-src" results in "bootstrapping" or passing data to JavaScript from HTML pages. Violation of Secure Design Principles smit Medium 2017-11-15
xss flash on http://presentatie.werkenbijmcdonalds.nl/ Cross-site Scripting (XSS) - Stored whitesector Low 2017-10-25
[Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites. Information Disclosure ykw1337 Medium 2017-09-07
Open redirect on https://werkenbijdefensie.nl/ Open Redirect kuton Medium 2017-07-27
Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl] Open Redirect 0xradi No rating 2017-06-21
Possible to view and takeover other user's education and courses @ mijn.werkenbijdefensie.nl Insecure Direct Object Reference (IDOR) jorik Medium 2017-05-27
Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl Cross-Site Request Forgery (CSRF) jorik Medium 2017-05-27
Cross-site Scripting (XSS) on [maximum.nl] Cross-site Scripting (XSS) - Reflected 0xradi No rating 2017-05-24
IDOR in editing courses Insecure Direct Object Reference (IDOR) kieran Medium 2017-05-22
XSS Cross-site Scripting (XSS) - Reflected linkks No rating 2017-05-10
RC4 cipher suites detected Cryptographic Issues - Generic linkks No rating 2017-03-31
SSL certificate invalid date Cryptographic Issues - Generic linkks No rating 2017-03-31
Application error message Information Disclosure linkks No rating 2017-03-31
RC4 cipher suites detected Cryptographic Issues - Generic linkks No rating 2017-03-31
RC4 cipher suites detected Cryptographic Issues - Generic linkks No rating 2017-03-31
The POODLE attack (SSLv3 supported) Cryptographic Issues - Generic linkks No rating 2017-03-31
Application error message Information Disclosure linkks No rating 2017-03-31
Microsoft IIS tilde directory enumeration Information Disclosure linkks No rating 2017-03-31
Facebook and twitter page claimed of maximum.com [important] Violation of Secure Design Principles nulllover No rating 2017-01-21