Upserve


14 total issues disclosed

$21,600 total paid publicly


Most disclosed (3 disclosures) — Cross-site Scripting (XSS) - Reflected




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Payment method token being sent to 3rd party analytics service | Business Logic Errors | ctulhu | High | 2021-09-03 |
| Reflected XSS on https://inventory.upserve.com/ (affects IE users only) | Cross-site Scripting (XSS) - Reflected | stealthy | Medium | 2019-08-06 |
| OLO Total price manipulation using negative quantities | Business Logic Errors | fuzz | Critical | 2019-07-06 |
| DOM Based XSS via postMessage at https://inventory.upserve.com/login/ | Cross-site Scripting (XSS) - DOM | gamer7112 | High | 2019-06-25 |
| Ability to create own account UUID leads to stored XSS | Cross-site Scripting (XSS) - Stored | cache-money | High | 2019-06-10 |
| Open redirect at https://inventory.upserve.com/http://google.com/ | Open Redirect | stankoja | Medium | 2019-06-07 |
| Open redirect on https://hq-api.upserve.com/ | Open Redirect | sydpy | Medium | 2019-06-07 |
| Ability to reset password for account | Improper Access Control - Generic | exadmin | Critical | 2019-06-06 |
| Ability to reset password for account | Improper Access Control - Generic | exadmin | Critical | 2019-06-06 |
| [theacademy.upserve.com] Reflected XSS Query-String | Cross-site Scripting (XSS) - Reflected | bobrov | Low | 2018-10-19 |
| Reflected xss on theacademy.upserve.com | Cross-site Scripting (XSS) - Reflected | naasha | Low | 2018-09-29 |
| Blind stored xss in demo form | Cross-site Scripting (XSS) - Stored | paresh_parmar | High | 2018-04-12 |
| reports.breadcrumb.com is vulnerable for Arbitrary file existence disclosur CVE-2014-7829 | Information Disclosure | s3curityb3ast | Low | 2018-03-29 |
| Information disclosure through search engines (password reset token) | Information Disclosure | nitesculucian | Medium | 2018-03-13 |