Vulnerability Disclosure

Hall of Fame

This is a summary of accepted vulnerabilities submitted by independent researchers.

| Date | Reporter | Status | Reward Paid | Description |
| --- | --- | --- | --- | --- |
| 11-11-2020 | Cobalt | Fixed | - | Cross-Site Scripting (XSS) |
| 17-11-2020 | Cobalt | Fixed | - | Banner Disclosure |
| 11-11-2020 | Cobalt | Fixed | - | Clickjacking |
| 11-11-2020 | Cobalt | Fixed | - | Missing Validation on Max Number of Email Addresses |
| 11-11-2020 | Cobalt | Fixed | - | Missing Rate Limit on API Requests |
| 11-11-2020 | Cobalt | Fixed | - | Nginx DNS Resolver Off-By-One Heap |
| 02-08-2021 | Yukesh Kumar | Fixed | - | Sensitive Files/Information Disclosed |
| 03-08-2021 | Shubham dnyandev shete | Fixed | - | Sensitive Token Sent Over HTTP |
| 06-08-2021 | Prajit Sindhkar | Fixed | - | HTML Injection in dest parameter |
| 07-08-2021 | Takshal Patel | Fixed | - | Missing Authentication Check leading to unauthorised js file read and Application level DoS attack |
| 09-08-2021 | Pankaj Lakshkar | Fixed | - | Incomplete or No Cache-control and Pragma HTTP Header Set |
| 10-08-2021 | Shubham dnyandev shete | Fixed | - | Content Security Policy - Wildcard Directive |
| 12-08-2021 | Prajit Sindhkar | Fixed | - | XSS / HTML Injection in lang parameter |
| 12-08-2021 | Pankaj Lakshkar | Fixed | - | Missing Certificate Authority Authorization rule |
| 12-08-2021 | Pankaj Lakshkar | Fixed | - | Missing Password Max Character Validation |
| 13-08-2021 | Prajit Sindhkar | Fixed | - | Get Based Open Redirection |
| 14-08-2021 | Ravindra lakhara | Fixed | - | Authenticated XXE Within the Media Library Affecting PHP 8 |
| 14-08-2021 | Ravindra lakhara | Fixed | - | Authenticated Password Protected Pages Exposure |
| 14-08-2021 | Bruce | Fixed | - | Password Reset Token Not Expire After Password Change |
| 14-08-2021 | Bruce | Fixed | - | Password Reset Token Not Expire After Issuing New Token |
| 16-08-2021 | Akash | Fixed | - | Missing Validation on User Names |
| 17-08-2021 | Takshal Patel | Fixed | - | Denial Of Service By Cache Poisoning / CORS Misconfiguration Lead to Sensitive Information Disclosed |
| 18-08-2021 | Kanhaiya Sharma | Fixed | - | Source Code disclosure |
| 18-08-2021 | Takshal Patel | Fixed | - | Lack of Password Confirmation for critical function |
| 24-08-2021 | Pankaj Lakshkar | Fixed | - | CRLF injection |
| 03-09-2021 | Mohmmad Nurnobi | Fixed | - | Insecure Email Change Leads account takeover |
| 04-09-2021 | Mohmmad Nurnobi | Fixed | - | Sensitive Token leaked to 3rd Party |
| 11-09-2021 | Sujan Shetty | Fixed | - | Wp-cron.php is enabled and accessible to any user |
| 19-09-2021 | Deepak Sharma | Fixed | - | HTML injection vulnerability on "s" parameter |
| 27-09-2021 | Karthic Kumar | Fixed | - | Directory Listing Disclosed |
| 22-03-2022 | Sumit Sahoo | Fixed | - | Cross-Site Scripting (XSS) and Insecure Direct Object Reference (IDOR) |
| 29-04-2023 | MD Shopon Alom | Fixed | - | Unauthorized access to WP admin dashboard without login |
| 22-08-2023 | Milan R P | Fixed | - | Session Fixation vulnerability |
| 13-09-2023 | Sachin Prmeshwar Kalkumbe | Fixed | - | TLS-RPT Misconfiguration |
| 14-09-2023 | Sachin Prmeshwar Kalkumbe | Fixed | - | MTA-STS record is missing |
| 19-09-2023 | Rushaly Misquith | Fixed | - | HTML injection vulnerability on partners page |
| 9-10-2023 | Sachin Prmeshwar Kalkumbe | Fixed | - | Session not expire after password reset using remember-me feature |
| 10-10-2023 | Sachin Prmeshwar Kalkumbe | Fixed | - | Laravel debug code enabled |

Want to submit your own? Click here.