#1066607 HTML Injection through Account Name field on TikTok ads portal being rendered on …
The Account Name field on the TikTok Ads Portal did not have restrictions on HTML […]
Read more
Tag: HackerOne
#1065500 Multiple bugs leads to RCE on TikTok for Android
TikTok. Reported at, December 23, 2020 1:47pm -0800. Asset. com.zhiliaoapp.musically. (Android: Play Store). CVE ID. […]
Read more
948150 Open Redirect Vulnerability on TikTok Ads Portal
State, Resolved (Closed). Disclosed, January 8, 2021 4:08pm -0800. Reported to. TikTok. Reported at, July […]
Read more
1001951 CORS bypass on TikTok Ads Endpoint
An endpoint used by the TikTok Ads portal was vulnerable to CORS bypass therefore potentially […]
Read more
1006524 CORS misconfiguration in TikTok ads portal
A CORS misconfiguration was discovered in the TikTok ads portal which could potentially allow an […]
Read more964467 Bypass SMS verification to delete TikTok account
Improper authorization could potentially allow an attacker to bypass SMS verification and delete a TikTok […]
Read more1006599 Blind SSRF in ads.tiktok.com
A Server Side Request Forgery (SSRF) vulnerability was reported on the TikTok ads portal. This […]
Read more1010522 [CSRF] TikTok Careers Portal Account Takeover
A missing CSRF protection and open redirect vulnerability was reported in the TikTok Careers portal […]
Read more968082 Cross-Site-Scripting on www.tiktok.com and m.tiktok.com leading to Data Exfiltration
TikTok. Reported at, August 26, 2020 1:07pm -0700. Asset. *.tiktok.com. (Domain). CVE ID. Weakness, Cross-site […]
Read moretiktok's Hacktivity – HackerOne
TikTok. http://tiktok.com. Reports resolved. 36. Assets in scope. 12. Average bounty. $257-$515. Submit report. Bug […]
Read more