Moneybird

24 total issues disclosed
$1,300 total paid publicly
Most disclosed (6 disclosures): Cross-site Scripting (XSS) - Generic


Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| IDOR in https://moneybird.com/user/accountant_company/edit (change company name) | Insecure Direct Object Reference (IDOR) | t3chnophil3 | Low | 2021-09-21 |
| No rate Limit | None supplied | citizen0x | Low | 2021-05-03 |
| Stored XSS on add project | Cross-site Scripting (XSS) - Stored | tofla | Medium | 2020-10-05 |
| Pending MFA logins aren't immediately expired after a password change | Session Fixation | ant_pyne | Low | 2020-07-10 |
| Bypass password reset rate limit protection at moneybird.com/passwords | Denial of Service | osama-hamad | High | 2019-12-22 |
| Enable 2FA without verifying the email | Denial of Service | rioncool22 | Medium | 2019-10-25 |
| Open Redirection while saving User account Settings | Open Redirect | prial261 | Medium | 2017-11-15 |
| Stored XSS at Moneybird | Cross-site Scripting (XSS) - Stored | geeklegend | Medium | 2017-08-17 |
| Moneybird customers invoices leak in cacheable URLs | None supplied | bogdantcaciuc | Low | 2017-08-16 |
| Webhook allows sending payload using insecure HTTP protocol | Cryptographic Issues - Generic | mattweidner | No rating | 2017-06-28 |
| Stored Cross Site Scripting in Customer Name | Cross-site Scripting (XSS) - Generic | yaworsk | Low | 2017-03-17 |
| XXE issue | Command Injection - Generic | 4lemon | No rating | 2017-03-17 |
| Stored XSS thru SVG upload | Cross-site Scripting (XSS) - Generic | 4lemon | No rating | 2017-03-17 |
| Logging out any user | Violation of Secure Design Principles | japz | No rating | 2016-08-26 |
| Content Spoofing In Moneybird | Violation of Secure Design Principles | a5tronaut | No rating | 2016-08-26 |
| [Stored Cross-Site-Scripting] When search about Incoming (Manual Journal) | Cross-site Scripting (XSS) - Generic | bogdantcaciuc | No rating | 2016-08-05 |
| Open Redirect vulnerability in moneybird.com | Open Redirect | a5tronaut | No rating | 2016-07-28 |
| information disclose | Information Disclosure | dotnick | No rating | 2016-07-06 |
| [STORED XSS] in debtor reports of "invoices" | Cross-site Scripting (XSS) - Generic | bogdantcaciuc | No rating | 2016-07-06 |
| CSV Injection with the CSV export feature | Command Injection - Generic | trabajoduro | No rating | 2016-06-13 |
| Stored XSS in Financial Account executing in Bank tab | Cross-site Scripting (XSS) - Generic | hackheaven123 | No rating | 2016-06-13 |
| Malicious File Upload | Violation of Secure Design Principles | hackheaven | No rating | 2016-06-13 |
| Employees with Any Permissions Can Create App with Full Permissions and Perform any API Action | Improper Authentication - Generic | yaworsk | No rating | 2016-06-13 |
| Reflected XSS in Backend search | Cross-site Scripting (XSS) - Generic | krankopwnz | No rating | 2016-06-11 |