Report #3037447 – Stored XSS on TikTok's backend leads to the leakage of highly sensitive …
A stored cross-site scripting vulnerability was found in TikTok's contact form backend. When malicious code […]
Read more
Tag: HackerOne
Report #3012526 – Chained Broken Access Control in TikTok Live Backstage Enables Full …
A broken access control vulnerability in TikTok Live Backstage allowed low-privilege users (group members and […]
Read more
TikTok – Chain Vulnerability lead to Full Control Group Live Accounts & Undeletable Creator
An Insecure Direct Object Reference (IDOR) vulnerability was found on a TikTok LIVE backend platform, […]
Read more
Report #2848610 – IDOR on ads.tiktok.com Allows Unauthorized Product Addition – HackerOne
An Insecure Direct Object Reference (IDOR) vulnerability was found on a TikTok Ads API, which […]
Read more
Report #2868084 – Unauthorized Access to TikTok Account [Private Videos] via API Endpoint
A vulnerability on a TikTok endpoint was found that could have resulted in unauthorized viewing […]
Read more
TikTok | Report #2295958 – Exploitable live argument in onClick Function leads to … – HackerOne
Within the "Search Product" function in TikTok Shop Seller API, the ability to access inactive […]
Read more
Report #2443228 – Account Takeover via Authentication Bypass in TikTok Account Recovery
An improper authentication mechanism in TikTok's account recovery process could have been used for account […]
Read more
Report #2221547 – Multiple Open Redirect on TikTok domains – HackerOne
An open redirection vulnerability was found via a path traversal on the 'redirect_url' parameter when […]
Read more
Report #2280863 – RXSS on TikTok endpoints – HackerOne
A Cross-Site Scripting (XSS) vulnerability was found on two TikTok incentive endpoints, due to the […]
Read more
Report #1543234 – CSRF protection bypass on TikTok Webcast Endpoints – HackerOne
API on TikTok Webcast endpoints prevent CSRF by validating the Origin header which indicates the […]
Read more
#1549451 DOM XSS on ads.tiktok.com – HackerOne
A Cross-Site Scripting (XSS) vulnerability was found on a TikTok Ads endpoint via the "settings" […]
Read more
Unrestricted File Upload Blind Stored Xss in subdomain ads.tiktok.com – HackerOne
A blind stored Cross-Site Scripting (XSS) vulnerability was found on a TikTok Ads domain via […]
Read more
#1554048 XSS Payload on TikTok Seller Center endpoint – HackerOne
Stored Cross-Site Scripting (XSS) was found on the "Edit Product" page of a TikTok Seller […]
Read more
#1505567 Privilege Escalation on TikTok for Business – HackerOne
An IDOR (Insecure Direct Object Reference) vulnerability was found on the "org_id" and "account_id" parameters […]
Read more
#1504294 Impersonation of tiktok account via Broken Link in TikTok Newsroom – HackerOne
A broken link was found on TikTok Newsroom, which could have allowed an attacker to […]
Read more
#1452375 Reflected xss on ads.tiktok.com using `from` parameter. – HackerOne
A XSS (cross-site scripting) vulnerability was found on a TikTok ads endpoint using the "from" […]
Read more
#1376961 Cross-site Scripting (XSS) – Stored on ads.tiktok.com in Text field – HackerOne
A XSS (cross-site scripting) vulnerability was found in TikTok ads through "text" field. We thank […]
Read more
#1249050 Information Disclosure on TikTok Unplugged Site
Information Disclosure on TikTok Unplugged Site. Share: Summary by TikTok. An attacker could have retrieved […]
Read more
#1133661 TikTok Session Donation CSRF via QR code login
A CSRF (Cross Site Request Forgery) vulnerability was reported in TikTok's QR code login which […]
Read more
#1024575 RCE on TikTok Ads Portal – HackerOne
The video upload endpoint on the TikTok Ads portal was potentially susceptible to remote code […]
Read more