Zivver Program Statistics

View program

4 total issues disclosed

$0 total paid publicly

Most disclosed (1 disclosures) — Business Logic Errors

Disclosed Reports

Report Title Vulnerability Type Disclosed By Severity Disclosed on
Bypassing Rate limit for forgot password by using different ip addresses Violation of Secure Design Principles dhirenkumar8280 Low 2021-09-15
one delegate can add another delegate and delete other delegates, exposing all confidential inbox messages Privilege Escalation mavericknerd High 2021-06-21
Two-factor authentication can be disabled when logged in without 2fa or password confirmation Business Logic Errors nikolat3sla Medium 2020-10-19
XXE Injection through SVG image upload leads to SSRF XML External Entities (XXE) swaysthinking None 2020-10-06