Upserve Program Statistics



14 total issues disclosed

$21,600 total paid publicly

Most disclosed (3 disclosures) — Cross-site Scripting (XSS) - Reflected



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Payment method token being sent to 3rd party analytics service | Business Logic Errors | ctulhu | High | 2021-09-03 |
| Reflected XSS on https://inventory.upserve.com/ (affects IE users only) | Cross-site Scripting (XSS) - Reflected | stealthy | Medium | 2019-08-06 |
| OLO Total price manipulation using negative quantities | Business Logic Errors | fuzz | Critical | 2019-07-06 |
| DOM Based XSS via postMessage at https://inventory.upserve.com/login/ | Cross-site Scripting (XSS) - DOM | gamer7112 | High | 2019-06-25 |
| Ability to create own account UUID leads to stored XSS | Cross-site Scripting (XSS) - Stored | cache-money | High | 2019-06-10 |
| Open redirect at https://inventory.upserve.com/http://google.com/ | Open Redirect | stankoja | Medium | 2019-06-07 |
| Open redirect on https://hq-api.upserve.com/ | Open Redirect | sydpy | Medium | 2019-06-07 |
| Ability to reset password for account | Improper Access Control - Generic | exadmin | Critical | 2019-06-06 |
| Ability to reset password for account | Improper Access Control - Generic | exadmin | Critical | 2019-06-06 |
| [theacademy.upserve.com] Reflected XSS Query-String | Cross-site Scripting (XSS) - Reflected | bobrov | Low | 2018-10-19 |
| Reflected xss on theacademy.upserve.com | Cross-site Scripting (XSS) - Reflected | naasha | Low | 2018-09-29 |
| Blind stored xss in demo form | Cross-site Scripting (XSS) - Stored | paresh_parmar | High | 2018-04-12 |
| reports.breadcrumb.com is vulnerable for Arbitrary file existence disclosur CVE-2014-7829 | Information Disclosure | s3curityb3ast | Low | 2018-03-29 |
| Information disclosure through search engines (password reset token) | Information Disclosure | nitesculucian | Medium | 2018-03-13 |