OpenMage Program Statistics
5 total issues disclosed
$0 total paid publicly
Most disclosed (1 disclosures) — Cross-Site Request Forgery (CSRF)
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| No Limit on Email Subscription | Allocation of Resources Without Limits or Throttling | thecyberjerry | Low | 2021-09-04 |
| CSRF in changing password after using reset password link | Cross-Site Request Forgery (CSRF) | xenx | Low | 2021-05-27 |
| Very long names on demo.openmage.org could redirect victim users to malicious url redirects via email contacts. | Privacy Violation | lmhu | Medium | 2021-04-29 |
| No error thrown when IDOR attempted while editing address | Misconfiguration | merbin | Medium | 2021-04-26 |
| Sharing products with Mail allows phishing attacks due to misconfiguration. | Business Logic Errors | grmx | Medium | 2021-04-25 |