Omise Program Statistics

5 total issues disclosed

$1,000 total paid publicly

Most disclosed (1 disclosure) — Server-Side Request Forgery (SSRF)

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Broken Authentication and Session Management Flaw After Change Password and Logout | Violation of Secure Design Principles | root_geek | Low | 2020-11-08 |
| Authenticity token doesnt expire after single use leading to CSRF | Cross-Site Request Forgery (CSRF) | d4rk_h4xor | No rating | 2020-08-17 |
| Signup with any email and enable 2FA without verifying email | None supplied | rioncool22 | Medium | 2020-04-23 |
| Found Origin IP's Lead To Access To [ Grafana Instance , PgHero Instance [ Can SQL Injection ] | Improper Access Control - Generic | elmahdi | Medium | 2019-10-09 |
| SSRF in webhooks leads to AWS private keys disclosure | Server-Side Request Forgery (SSRF) | honoki | High | 2019-06-28 |