| CSRF on developer.zendesk.com via Cache Deception | None supplied | imran_nazir | Medium | 2020-11-25 |
| Stored Cross Site Scripting on Zendesk agent dashboard | Cross-site Scripting (XSS) - Stored | apfeifer27 | High | 2018-10-13 |
| Secret API Key Leakage via Query String | Information Disclosure | luckydivino | High | 2017-12-20 |
| dom based xss in *.zendesk.com/external/zenbox/ | Cross-site Scripting (XSS) - DOM | sergeym | Medium | 2017-12-20 |
| XSS with needed user intervention | Cross-site Scripting (XSS) - Generic | irotem2 | Low | 2017-11-01 |
| SSRF issue in "URL target" allows [REDACTED] | Information Disclosure | agarri_fr | No rating | 2017-10-16 |
| Remote code execution as root on [REDACTED] | Code Injection | agarri_fr | No rating | 2017-10-16 |
| open redirect in <your_zendesk>.zendesk.com | Open Redirect | zombiehelp54 | No rating | 2017-10-16 |
| Stored XSS in Draft Articles. | Cross-site Scripting (XSS) - Generic | harry_mg | No rating | 2017-10-16 |
| Unvalidated / Open Redirect | Open Redirect | boniao_norwin | Medium | 2017-10-16 |
| Race Condition in Article "Helpful" Indicator | None supplied | cablej | No rating | 2017-10-16 |
| Twitter SSO allows unverified e-mail registration, leads to Slack and social media hijacks | Improper Authentication - Generic | intidc | Critical | 2017-09-21 |
| Android SDK - CREATE_REQUEST broadcast is unprotected | Information Disclosure | bagipro | Medium | 2017-03-18 |
| a stored xss in web widget chat | Cross-site Scripting (XSS) - Generic | boniao_norwin | High | 2017-03-18 |
| Error stack trace enabled | Information Disclosure | 4lemon | No rating | 2017-03-18 |
| express config leaking stacktrace | Information Disclosure | prbln | Medium | 2017-03-18 |
| Missing function level access controls allowing attacker to abuse file access controls. Multiple vulnerabilities | Privilege Escalation | abhijeth | No rating | 2017-02-23 |
| XSS in zendesk.com/product/ | Cross-site Scripting (XSS) - Generic | virtualhunter | No rating | 2016-12-15 |
| AWS S3 bucket writable for authenticated aws user | Improper Authentication - Generic | dpgribkov | No rating | 2016-11-29 |
| [status.zopim.com] Open Redirect | Open Redirect | bobrov | No rating | 2016-10-26 |
| Full Sub Domain Takeover at wx.zopim.net | None supplied | punkrock | Medium | 2016-10-26 |
| Stored XSS on [your_zendesk].zendesk.com in Facebook Channel | Cross-site Scripting (XSS) - Generic | eboda | No rating | 2016-06-01 |
| Stored XSS via Angular Expression injection on developer.zendesk.com | Cross-site Scripting (XSS) - Generic | albinowax | No rating | 2016-06-01 |
| [HIGH RISK] CSRF could potentially delete a zendesk subdomain. | Cross-Site Request Forgery (CSRF) | apok | No rating | 2016-05-24 |
| XSS In /zuora/ functionality | Cross-site Scripting (XSS) - Generic | apok | No rating | 2016-05-24 |
| [CRITICAL] HTML injection issue leading to account take over | Cross-site Scripting (XSS) - Generic | zombiehelp54 | No rating | 2016-04-04 |
| Chat History CSV Export Excel Injection Vulnerability | Command Injection - Generic | pr0tagon1st | No rating | 2016-04-04 |
| [CRITICAL] CSRF leading to account take over | Cross-Site Request Forgery (CSRF) | zombiehelp54 | No rating | 2016-04-04 |
| Stored XSS in comments | Cross-site Scripting (XSS) - Generic | a0xnirudh | No rating | 2016-01-01 |
| Cross-site Scripting https://www.zendesk.com/product/pricing/ | Cross-site Scripting (XSS) - Generic | mdv | No rating | 2015-12-09 |
| Stored XSS in comments | Cross-site Scripting (XSS) - Generic | zombiehelp54 | No rating | 2015-11-13 |
| CSV Excel Macro Injection Vulnerability in export chat logs | Command Injection - Generic | alyssa_herrera | No rating | 2015-11-05 |
| Content Spoofing | Information Disclosure | girish_s_pattanashetty | No rating | 2015-11-02 |
| CSV Excel Macro Injection Vulnerability in export customer tickets | Command Injection - Generic | alyssa_herrera | No rating | 2015-11-02 |
| Cross-site Scripting in all Zopim | Cross-site Scripting (XSS) - Generic | mdv | No rating | 2015-10-21 |
| [API ISSUE] agents can Create agents even after they are disabled ! | Privilege Escalation | defmax | No rating | 2015-09-10 |
| Stored Cross site scripting In developer.zendesk.com | Cross-site Scripting (XSS) - Generic | d1pakda5 | No rating | 2015-09-02 |
| Security Misconfiguration in Autologin | Cryptographic Issues - Generic | d1pakda5 | No rating | 2015-08-15 |