Moneybird Bug Bounty Program Statistics

Moneybird Program Statistics

24 total issues disclosed

$1,300 total paid publicly

Most disclosed (6 disclosures) — Cross-site Scripting (XSS) - Generic

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
IDOR in https://moneybird.com/user/accountant_company/edit(change company name)	Insecure Direct Object Reference (IDOR)	t3chnophil3	Low	2021-09-21
No rate Limit	None supplied	citizen0x	Low	2021-05-03
Stored XSS on add project	Cross-site Scripting (XSS) - Stored	tofla	Medium	2020-10-05
Pending MFA logins aren't immediatly expired after a password change	Session Fixation	ant_pyne	Low	2020-07-10
Bypass password reset rate limit protection at moneybird.com/passwords	Denial of Service	osama-hamad	High	2019-12-22
Enable 2FA without verifying the email	Denial of Service	rioncool22	Medium	2019-10-25
Open Redirection while saving User account Settings	Open Redirect	prial261	Medium	2017-11-15
Stored XSS at Moneybird	Cross-site Scripting (XSS) - Stored	geeklegend	Medium	2017-08-17
Moneybird customers invoices leak in cacheable urls	None supplied	bogdantcaciuc	Low	2017-08-16
Webhook allows sending payload using insecure HTTP protocol	Cryptographic Issues - Generic	mattweidner	No rating	2017-06-28
Stored Cross Site Scripting in Customer Name	Cross-site Scripting (XSS) - Generic	yaworsk	Low	2017-03-17
XXE issue	Command Injection - Generic	4lemon	No rating	2017-03-17
Stored XSS thru SVG upload	Cross-site Scripting (XSS) - Generic	4lemon	No rating	2017-03-17
Logging out any user	Violation of Secure Design Principles	japz	No rating	2016-08-26
Content Spoofing In Moneybird	Violation of Secure Design Principles	a5tronaut	No rating	2016-08-26
[Stored Cross-Site-Scripting] When search about Incoming ( Manual Jurnal )	Cross-site Scripting (XSS) - Generic	bogdantcaciuc	No rating	2016-08-05
Open Redirect vulnerability in moneybird.com	Open Redirect	a5tronaut	No rating	2016-07-28
information disclose	Information Disclosure	dotnick	No rating	2016-07-06
[STORED XSS] in debtor reports of ,,invoices''	Cross-site Scripting (XSS) - Generic	bogdantcaciuc	No rating	2016-07-06
CSV Injection with the CSV export feature	Command Injection - Generic	trabajoduro	No rating	2016-06-13
Stored XSS in Financial Account executing in Bank tab	Cross-site Scripting (XSS) - Generic	hackheaven123	No rating	2016-06-13
Malicious File Upload	Violation of Secure Design Principles	hackheaven	No rating	2016-06-13
Employees with Any Permissions Can Create App with Full Permissions and Perform any API Action	Improper Authentication - Generic	yaworsk	No rating	2016-06-13
Reflected XSS in Backend search	Cross-site Scripting (XSS) - Generic	krankopwnz	No rating	2016-06-11

BugBountyHunter

Moneybird Program Statistics

Disclosed Reports