Non\-changing "\_idnonce" value leads to CSRF on accounts at https://intensedebate\.com for account takeover https://hackerone.com/reports/1090982 Disclosed at: 2021-02-17 09:35:50 UTC+0 Created at: 2021-01-30 21:00:39 UTC+0
Server\-side template injection at ujs test server https://hackerone.com/reports/942103 Disclosed at: 2021-02-16 13:22:47 UTC+0 Created at: 2020-07-25 05:56:19 UTC+0
Administrative access to development deployment of web service due to auto\-filled credentials https://hackerone.com/reports/923022 Disclosed at: 2021-02-16 13:19:25 UTC+0 Created at: 2020-07-14 03:43:16 UTC+0
Possible access to the car's photo and registration by its ID on \[fleet\.city\-mobil\.ru\] https://hackerone.com/reports/950507 Disclosed at: 2021-02-16 12:00:58 UTC+0 Created at: 2020-08-03 21:55:23 UTC+0
Disclosure of the account email by phone number on \[corporate\.city\-mobil\.ru\] https://hackerone.com/reports/996981 Disclosed at: 2021-02-16 11:59:38 UTC+0 Created at: 2020-10-03 08:17:23 UTC+0
HTML injection in an email \[delivery\.city\-mobil\.ru\] https://hackerone.com/reports/1034317 Disclosed at: 2021-02-16 11:58:58 UTC+0 Created at: 2020-11-14 00:40:37 UTC+0