Public OLX bug reports.

Team Bounty Title
OLX - OLX is vulnerable to clickjaking
OLX - Subdomain Takeover ( ,,
OLX - Reflected XSS in
OLX - Combined attacks leading to stealing user's account
OLX - is using a very vulnerable version of WordPress and contains directory listing
OLX - Server Version Of
OLX - is vulnerable to POODLE attack
OLX - Reflected XSS in []
OLX - Multiple vulnerabilities in
OLX - CSRF in delete advertisement on
OLX - Reflective XSS at
OLX - Reflective XSS at
OLX - Reflected XSS in
OLX - Directory Listing of all the resource files of
OLX - Reflected XSS at
OLX - Name, email, phone and more disclosure on user ID (API)
OLX - Full path disclosure vulnerability at
OLX - Stored XSS in buy topup OLX Gold Credits
OLX - XSS and Open Redirect on
OLX - Bypassing Phone Verification For Posting AD On OLX
OLX - XSS and HTML Injection
OLX - full path disclosure vulnerability at*
OLX - Full Account Takeover
OLX - [Critical] Delete any account
OLX - these are my old reports and still i have not receive any good replys, these all are Cross Site Scripting(XSS) issues: POC1:
OLX - XSS on Meta Tag at
OLX - Unauthorised access to user accounts.
OLX - Stored XSS on contact name
OLX - XSS on Home page via auto save search text
OLX - xss
OLX - Reflected XSS at
OLX - Manipulating Job Vacancy alert subscription emails (HTML Injection / Script Injection)
OLX - cross-site scripting in get request
OLX - Reflected Cross Site scripting Attack (XSS)
OLX - XSS @ *
OLX - Arbitrary File Reading
OLX - Reflected XSS in
OLX - stored XSS in - ogloszenie TITLE element - moderator acc can be hacked
OLX - SQLi in Payment Request
OLX - Updating and Deleting any Ads on OLX Philippines
OLX - CSRF in account configuration leads to complete account compromise
OLX - XSS @ *