U.S. Department of State Program Statistics


9 total issues disclosed

$0 total paid publicly

Most disclosed (2 disclosures) — Improper Access Control - Generic



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Impact of Using the PHP Function "phpinfo()" on System Security - PHP info page disclosure | Information Disclosure | carpc | Low | 2023-05-18 |
| LDAP anonymous access enabled at certrep.pki.state.gov:389 | Improper Access Control - Generic | 0xjackal | Medium | 2023-05-11 |
| HTML INJECTION on coins.state.gov | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | devdevrl | Low | 2023-04-26 |
| Time Based SQL Injection | SQL Injection | shadow-krd | Critical | 2023-04-20 |
| IDOR in TalentMAP API can be abused to enumerate personal information of all the users | Insecure Direct Object Reference (IDOR) | nhx1 | High | 2023-04-11 |
| Accessing unauthorized administration pages and seeing admin password - speakerkit.state.gov | Improper Access Control - Generic | qualw1n | High | 2023-03-25 |
| Bypassing Whitelist to perform SSRF for internal host scanning | Server-Side Request Forgery (SSRF) | imthatt | Low | 2023-03-24 |
| RXSS on https://travel.state.gov/content/travel/en/search.html | Cross-site Scripting (XSS) - Reflected | tmz900 | Medium | 2023-03-08 |
| xss and html injection on ( https://labs.history.state.gov) | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | iismailu | Medium | 2023-02-20 |