Clickjacking
Disclosed: 2025-08-22
Medium Severity
Clickjacking via CyfareGPT Export
Vulnerability Disclosure Program — Hall of Fame
Report vulnerabilities in cyfare.net and earn your spot on our wall of gratitude. We appreciate responsible disclosure and celebrate all researchers who help keep our users safe.
Hall of Fame
Security researchers who have helped make Cyfare more secure
DNS Rebinding
Disclosed: 2025-06-13
Medium Severity
DNS Rebinding via Link Shortner
HTML Injection (Bypass)
Disclosed: 2025-06-11
Medium Severity
HTML Injection filter evasion (bypass) in CyfareGPT Chat
Reflected XSS (Bypass)
Disclosed: 2025-06-07
Medium Severity
Reflected XSS filter evasion (bypass) in CyfareGPT Chat
Missing Secure Headers
Disclosed: 2025-01-31
Medium Severity
Inadequate HSTS implementation and missing secure flag for cookies.
Reflected XSS
Disclosed: 2024-12-04
Medium Severity
Reflected XSS in CyfareGPT Chat
DoS Via JSON Injection
Disclosed: 2024-11-03
High Severity
Application DoS via JSON Injection Throughout Site
Honorary Mentions
Honoring disclosures that don't match the vulnerability criteria for cyfare.net, but are valid issues in most scenarios.
Insecure File Upload
Disclosed: 2025-06-12
Informational
Cyfare File Upload allows users to upload any type of file (could be malicious file) without rejection.
See something? Say something.
We respond quickly to high-impact reports and credit all valid disclosures here.
security@cyfare.net