Dark C0d3rs

Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-07-22
Full Version: HackerOne Disclosed Reports - 2025-07-22
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

hashXploiter

07-23-2025, 12:30 PM
Logo
High
resolved

Mint Oauth2 access token for targeted user


Bug reported by Timothy Leung was disclosed at July 23, 2025, 12:06 am   |   Improper Authentication - Generic

The vulnerability allowed a group owner to create an application that was trusted by default, bypassing CSRF controls for the authorization flow. This enabled the minting of access tokens for targeted users without their consent.


Logo
High
resolved

XSS on Amazon Aquisition: elemental


Bug reported by Muhammad Qasim was disclosed at July 22, 2025, 12:48 am   |   Cross-site Scripting (XSS) - Reflected

The XSS vulnerability on Amazon's acquisition of Elemental was identified and addressed. The summary provided a brief overview of the issue.


Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-07-22