Zendesk


Most disclosed (13 disclosures) — Cross-site Scripting (XSS) - Generic

zombiehelp54 has disclosed the most with 4 reports!

38 total issues disclosed

$13,650 total paid publicly


Launched on 2015-04-27

Accepts reports via HackerOne



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
CSRF on developer.zendesk.com via Cache Deception None supplied imran_nazir Medium 2020-11-25
Stored Cross Site Scripting on Zendesk agent dashboard Cross-site Scripting (XSS) - Stored apfeifer27 High 2018-10-13
Secret API Key Leakage via Query String Information Disclosure luckydivino High 2017-12-20
dom based xss in *.zendesk.com/external/zenbox/ Cross-site Scripting (XSS) - DOM sergeym Medium 2017-12-20
XSS with needed user intervention Cross-site Scripting (XSS) - Generic irotem2 Low 2017-11-01
SSRF issue in "URL target" allows [REDACTED] Information Disclosure agarri_fr No rating 2017-10-16
Remote code execution as root on [REDACTED] Code Injection agarri_fr No rating 2017-10-16
open redirect in <your_zendesk>.zendesk.com Open Redirect zombiehelp54 No rating 2017-10-16
Stored XSS in Draft Articles. Cross-site Scripting (XSS) - Generic harry_mg No rating 2017-10-16
Unvalidated / Open Redirect Open Redirect boniao_norwin Medium 2017-10-16
Race Condition in Article "Helpful" Indicator None supplied cablej No rating 2017-10-16
Twitter SSO allows unverified e-mail registration, leads to Slack and social media hijacks Improper Authentication - Generic intidc Critical 2017-09-21
Android SDK - CREATE_REQUEST broascast is unprotected Information Disclosure bagipro Medium 2017-03-18
a stored xss in web widget chat Cross-site Scripting (XSS) - Generic boniao_norwin High 2017-03-18
Error stack trace enabled Information Disclosure 4lemon No rating 2017-03-18
express config leaking stacktrace Information Disclosure prbln Medium 2017-03-18
Missing function level access controls allowing attacker to abuse file access controls. Multiple vulnerabilities Privilege Escalation abhijeth No rating 2017-02-23
XSS in zendesk.com/product/ Cross-site Scripting (XSS) - Generic virtualhunter No rating 2016-12-15
AWS S3 bucket writable for authenticated aws user Improper Authentication - Generic dpgribkov No rating 2016-11-29
[status.zopim.com] Open Redirect Open Redirect bobrov No rating 2016-10-26
Full Sub Domain Takeover at wx.zopim.net None supplied punkrock Medium 2016-10-26
Stored XSS on [your_zendesk].zendesk.com in Facebook Channel Cross-site Scripting (XSS) - Generic eboda No rating 2016-06-01
Stored XSS via Angular Expression injection on developer.zendesk.com Cross-site Scripting (XSS) - Generic albinowax No rating 2016-06-01
[HIGH RISK] CSRF could potentially delete a zendesk subdomain. Cross-Site Request Forgery (CSRF) apok No rating 2016-05-24
XSS In /zuora/ functionality Cross-site Scripting (XSS) - Generic apok No rating 2016-05-24
[CRITICAL] HTML injection issue leading to account take over Cross-site Scripting (XSS) - Generic zombiehelp54 No rating 2016-04-04
Chat History CSV Export Excel Injection Vulnerability Command Injection - Generic pr0tagon1st No rating 2016-04-04
[CRITICAL] CSRF leading to account take over Cross-Site Request Forgery (CSRF) zombiehelp54 No rating 2016-04-04
Stored XSS in comments Cross-site Scripting (XSS) - Generic a0xnirudh No rating 2016-01-01
Cross-site Scripting https://www.zendesk.com/product/pricing/ Cross-site Scripting (XSS) - Generic mdv No rating 2015-12-09
Stored XSS in comments Cross-site Scripting (XSS) - Generic zombiehelp54 No rating 2015-11-13
CSV Excel Macro Injection Vulnerability in export chat logs Command Injection - Generic alyssa_herrera No rating 2015-11-05
Content Spoofing Information Disclosure girish_s_pattanashetty No rating 2015-11-02
CSV Excel Macro Injection Vulnerability in export customer tickets Command Injection - Generic alyssa_herrera No rating 2015-11-02
Cross-site Scripting in all Zopim Cross-site Scripting (XSS) - Generic mdv No rating 2015-10-21
[API ISSUE] agents can Create agents even after they are disabled ! Privilege Escalation defmax No rating 2015-09-10
Stored Cross site scripting In developer.zendesk.com Cross-site Scripting (XSS) - Generic d1pakda5 No rating 2015-09-02
Security Missconfiguration in Autologin Cryptographic Issues - Generic d1pakda5 No rating 2015-08-15