Dark C0d3rs
HackerOne Disclosed Reports - 2025-07-21 - Printable Version




HackerOne disclosed reports - 2025-07-21 - hashXploiter - 07-22-2025

High
resolved

XSS on Amazon Acquisition: elemental


Bug reported by Muhammad Qasim was disclosed on July 22, 2025, at 12:48 am   |   Cross-site Scripting (XSS) - Reflected

An XSS vulnerability on Elemental, an Amazon acquisition, was identified and addressed. The disclosed summary gives only a brief overview of the issue.


Critical
resolved

[CRITICAL] 0-Click Account Takeover via Password Reset [AUTH-3243] /orchestrator/v1/password_reset/start


Bug reported by osama mohamed was disclosed on July 21, 2025, at 10:23 pm   |   Improper Access Control - Generic

The vulnerability allowed an attacker to reset the password of a victim's account without any user interaction or special privileges. The attacker could intercept the password reset request, modify it with the victim's session data, and take over the victim's account.