Public Discourse bug reports.
4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017
| Team | Bounty | Title |
|---|---|---|
| Discourse | $256 | Any authenticated user can download full list of users, including email |
| Discourse | $64 | SSRF in upload IMG through URL |
| Discourse | $512 | Admin Command Injection via username in user_archive ExportCsvFile |
| Discourse | $512 | Arbitrary Local-File Read from Admin - Restore From Backup due to Symlinks |
| Discourse | $256 | Stored XSS in posts because of absence of oembed variables values escaping |
| Discourse | $256 | Stored XSS in topics because of whitelisted_generic engine vulnerability |
| Discourse | $256 | XSS in topics because of bandcamp preview engine vulnerability |
| Discourse | $128 | Users can bookmark other user's messages |
| Discourse | $256 | XSS vulnerability on Audio and Video parsers |
| Discourse | $256 | XSS Vulnerability on Image link parser |
| Discourse | $256 | DOM Based XSS in Discourse Search |