Ed Program Statistics

9 total issues disclosed

$0 total paid publicly

Most disclosed (2 disclosures) — Denial of Service

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Physical Laptop Takeover | Privacy Violation | glassofbeer | Critical | 2018-08-12 |
| Session cookie missing SecureFlag on git.edoverflow.com. | Information Disclosure | tangent90ninety | Medium | 2018-05-03 |
| Session Cookie Without Secure Flag | Violation of Secure Design Principles | cybertiger | None | 2018-04-28 |
| Session Cookie Without Secure Flag, | Information Disclosure | tangent90ninety | None | 2018-04-26 |
| DOM XSS in edoverflow.com/tools/respond due to unsafe usage of the innerHTML property. | Cross-site Scripting (XSS) - DOM | karel_origin | Low | 2018-04-23 |
| Fix for self-DoS in Security-txt Chrome Extension. | Denial of Service | karel_origin | Low | 2017-12-19 |
| Chrome Extension is vulnerable to the self-DOS issues in case it process the security.txt with a big size | Denial of Service | sp1d3rs | Low | 2017-12-18 |
| Possible to redirect to a (non-existing) subdomain after logging in via GitHub (leaking the token) | Open Redirect | jackds | High | 2017-11-25 |
| Oauth flow on the comments widget login can lead to the access code leakage | Improper Authentication - Generic | sp1d3rs | Low | 2017-11-24 |