Acknowledgements
Acknowledgements
The Cambridge University Press & Assessment wishes to thank the following Researchers who have participated in our Vulnerability Disclosure Programme.
Table of Contents
1. 2023-present
| Researcher | Vulnerability | Date |
|---|---|---|
| Sumit Baa | Information Disclosure Vulnerability in 3rd Party Software | February 2023 |
| Mohd Farzaan | Exposed File | March 2023 |
| Alessandro Christo Rumampuk | Broken Link Hijaking & Reflected XSS | March 2023 |
| Abdulaziz Alatawi | Exposed File (Metrics) | March 2023 |
| Yasser Alenazi | Directory Traversal | March 2023 |
| RubX | Exposure of Secret Key | March 2023 |
| Rohit Burke | Insufficient Access Control | March 2023 |
| Viral Vaghela | Lack of Access Control | April 2023 |
| Ahmed Najeh | Exposed File | April 2023 |
| Bharat Thakur | Database Misconfiguration | April 2023 |
| Viral Vaghela | Manifest File Exposed | May 2023 |
| Abhinav Kuma | Public XMLRPC | May 2023 |
| Sushil Phuyal | Exposed File (Metrics) | May 2023 |
| Kullai Metikala | Open Redirect | May 2023 |
| Naresh Adhikari | Code Injection | May 2023 |
| Shivam Singh King | Incorrect Authorisation | May 2023 |
| Shivam Singh King | Command Injection | May 2023 |
| Gaurang Maheta | Information Disclosure | June 2023 |
| root | Service Information Disclosure | June 2023 |
| Nikhil Rane | XSS Vulnerability | July 2023 |
| Tanvir Imon | Text-based Injection | July 2023 |
| Prashant Lanjewar | Information Disclosure | July 2023 |
| Kanajam Ananthapurnasai | SSRF Vulnerability/ CLRF Injection | July 2023 |
| Nikhil Rane | CSRF | July 2023 |
| Toshit Bharti | Exposed File | August 2023 |
| Smit Surendrakumar Rami | Information Disclosure | August 2023 |
| Love Yadav | Open Redirection | August 2023 |
| root | Path Traversal | September 2023 |
| Defenzelite Security Team | Service Information Disclosure | September 2023 |
| Naresh Adhikari | Open Redirect | September 2023 |
| Debajyoti Maity | HTML Injection | October 2023 |
| DeadxSEC | HTML Injection | October 2023 |
| Defenzelite Security Team | Remote-Code Execution | November 2023 |
| Ahmed ashraf taha | Multiple Vulnerabilities | November 2023 |
| Debahyoti Maity | Clickjacking | December 2023 |
| Ishwar Kumar | Enumeration | December 2023 |
| Tijn Heijboer | Refelcted XSS | December 2023 |
| Avadhesh Nishad | Open Redirection & Reflected XSS | December 2023 |
| HeRMiT | Reflected XSS | December 2023 |
| Raman Mohurle | Subdomain Takeover | January 2024 |
| Kaushal Singh | XSS Vulnerability | January 2024 |
| HeRMiT | Reflected XSS Vulnerability | January 2024 |
| Chinmaya Rana | Broken Link | January 2024 |
| Sanan Gasimzada | XSS and HTML Injection | January 2024 |
| Abdennour Chakifi | HTML Injection | February 2024 |
| Khaled Ben Ali | SQL Injection | February 2024 |
| Avadhesh Nishad | CRLF Injection | February 2024 |
| Harshit Kumar | Invalid Email Account Creation Issue | February 2024 |
| Vinayak Sakhare | Exposed File | February 2024 |
| Joel Mathias | Broken Link Hijacking | February 2024 |
| Mohamed Akees | Broken Link Hijacking | February 2024 |
| Miguel Segovia Gil | IDOR | April 2024 |
| Umair Farooqui | Reflected XSS | April 2024 |
2. Information for reporters
If you have reported an issue that was accepted by Cambridge, but your details are not listed above, please contact bugreport@cambridge.org and include the reference number you were provided with in the subject line.
Cambridge University Press & Assessment relies on consent to publish personal information, and will only do so if the reporter asks us to. You may withdraw your consent at any time by contacting bugreport@cambridge.org. For further information about how the Cambridge University Press & Assessment processes your personal information including your rights under data protection law, please see the Cambridge University Press & Assessment’s Privacy Notice.
3. Website links
Please note that we only link to security researcher social media profiles. Our trust model does not enable us to link to other websites. Currently LinkedIn, Twitter and Facebook profile links are accepted. Other social media sites will be reviewed and considered at point of request.
