Topcoder


12 total issues disclosed

$0 total paid publicly


Most disclosed (5 disclosures) — Cross-site Scripting (XSS) - Reflected


Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| SSRF to AWS file read | Server-Side Request Forgery (SSRF) | 3viltwin | Critical | 2021-09-16 |
| Reflected XSS in https://www.topcoder.com/blog/category/community-stories/ | Cross-site Scripting (XSS) - Reflected | c0mbo | Low | 2021-07-12 |
| Stored-Xss at connect.topcoder.com/projects/ affected on project chat members | Cross-site Scripting (XSS) - Stored | sodium_ | High | 2020-09-22 |
| Reflected-XSS on https://www.topcoder.com/tc via pt parameter | Cross-site Scripting (XSS) - Reflected | laz0rde | Medium | 2020-09-04 |
| SVG file upload leads to XML injection | XML Injection | tushr | Low | 2020-08-14 |
| Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII | Cross-site Scripting (XSS) - Stored | mase289 | High | 2020-08-07 |
| IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter | Insecure Direct Object Reference (IDOR) | powerpuff | Medium | 2020-05-12 |
| Reflected XSS on https://apps.topcoder.com/wiki/ | Cross-site Scripting (XSS) - Reflected | powerpuff | Medium | 2020-05-12 |
| Reflected XSS on https://apps.topcoder.com/wiki/page/ | Cross-site Scripting (XSS) - Reflected | powerpuff | Medium | 2020-05-12 |
| Stored XSS on https://apps.topcoder.com/wiki/pages/editpage.action | Cross-site Scripting (XSS) - Stored | powerpuff | High | 2020-05-12 |
| PII of Users Disclosure using "/members/invite/" endpoint | Information Disclosure | bonikia97 | High | 2020-04-13 |
| Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com | Cross-site Scripting (XSS) - Reflected | gkhck_ | Medium | 2020-02-24 |