kromitgmbh / titra
Project repository
titra - modern open source project time tracking for freelancers and small teams
FIRST INTERACTION WITHIN 2 DAYS
REVIEW WITHIN 4 DAYS
FIX WITHIN 4 DAYS
Clickjacking
Feb 21st 2023
jeffreygaor
•
self closed
No Rate Limiting on Reset Password Page led to Email Bomb and Email Resources Dr...
Feb 22nd 2023
jeffreygaor
•
not applicable
xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Servi...
Oct 11th 2022
nilabhrajpoot
•
not applicable
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Jul 24th 2022
7h3h4ckv157
•
not applicable
RCE due to Improper Authorization in 'Add Extension' functionality
Jun 27th 2022
hak2learn
•
Critical
•
$5
•
CVE-2022-2595
Business Logic Errors
Jun 22nd 2022
khanhchauminh
•
not applicable
Clickjacking vulnerability
Jun 23rd 2022
khanhchauminh
•
not applicable
Cross-site Scripting (XSS) - Stored
Jun 27th 2022
khanhchauminh
•
Critical
•
$6
Allows large characters in change password filling
Jun 16th 2022
lengochoa7112000
•
High
•
$5
Allows large characters in password filling
Jun 16th 2022
lengochoa7112000
•
High
•
$5
Weak Password Policy
Jun 16th 2022
lengochoa7112000
•
High
•
$5
Generation of Error Message Containing Sensitive Information
Jun 16th 2022
lengochoa7112000
•
High
•
$5
CORS: arbitrary origin trusted
Jul 4th 2022
kmaron1n
•
not applicable
Weak policy at Change password function
Jun 16th 2022
kmaron1n
•
High
•
$5
•
CVE-2022-2098
UI REDRESSING
Jun 12th 2022
tharunavula
•
Critical
•
$5
stored xss
Jun 9th 2022
tharunavula
•
Critical
•
$5
Generation of Error Message Containing Sensitive Information
Jun 12th 2022
lengochoa7112000
•
High
•
$5
UI Redressing
Jun 12th 2022
lengochoa7112000
•
High
•
$5
Weak Password Policy
Jun 12th 2022
lengochoa7112000
•
High
•
$5
Stored XSS in Task field
Jun 7th 2022
saharshtapi
•
High
•
$5
•
CVE-2022-2029
Stored XSS in Project Name
Jun 7th 2022
saharshtapi
•
High
•
$5
•
CVE-2022-2028
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elemen...
Jun 7th 2022
saharshtapi
•
High
•
$5
•
CVE-2022-2027
Stored XSS in Name
Jun 7th 2022
saharshtapi
•
High
•
$5
•
CVE-2022-2026
CRITICAL $0
HIGH $0
MEDIUM $0
LOW $0