Acknowledgements

Cambridge University Press & Assessment wishes to thank the following researchers who have participated in our Vulnerability Disclosure Programme.

1) 2023-present

| Researcher | Vulnerability | Date |
| --- | --- | --- |
| Sumit Baa | Information Disclosure Vulnerability in 3rd Party Software | February 2023 |
| Mohd Farzaan | Exposed File | March 2023 |
| Alessandro Christo Rumampuk | Broken Link Hijacking & Reflected XSS | March 2023 |
| Abdulaziz Alatawi | Exposed File (Metrics) | March 2023 |
| Yasser Alenazi | Directory Traversal | March 2023 |
| RubX | Exposure of Secret Key | March 2023 |
| Rohit Burke | Insufficient Access Control | March 2023 |
| Viral Vaghela | Lack of Access Control | April 2023 |
| Ahmed Najeh | Exposed File | April 2023 |
| Bharat Thakur | Database Misconfiguration | April 2023 |
| Viral Vaghela | Manifest File Exposed | May 2023 |
| Abhinav Kuma | Public XMLRPC | May 2023 |
| Sushil Phuyal | Exposed File (Metrics) | May 2023 |
| Kullai Metikala | Open Redirect | May 2023 |
| Naresh Adhikari | Code Injection | May 2023 |
| Shivam Singh King | Incorrect Authorisation | May 2023 |
| Shivam Singh King | Command Injection | May 2023 |
| Gaurang Maheta | Information Disclosure | June 2023 |
| root | Service Information Disclosure | June 2023 |
| Nikhil Rane | XSS Vulnerability | July 2023 |
| Tanvir Imon | Text-based Injection | July 2023 |
| Prashant Lanjewar | Information Disclosure | July 2023 |
| Kanajam Ananthapurnasai | SSRF Vulnerability / CRLF Injection | July 2023 |
| Nikhil Rane | CSRF | July 2023 |
| Toshit Bharti | Exposed File | August 2023 |
| Smit Surendrakumar Rami | Information Disclosure | August 2023 |
| Love Yadav | Open Redirection | August 2023 |
| root | Path Traversal | September 2023 |
| Defenzelite Security Team | Service Information Disclosure | September 2023 |
| Naresh Adhikari | Open Redirect | September 2023 |
| Debajyoti Maity | HTML Injection | October 2023 |
| DeadxSEC | HTML Injection | October 2023 |
| Defenzelite Security Team | Remote-Code Execution | November 2023 |
| Ahmed ashraf taha | Multiple Vulnerabilities | November 2023 |
| Debajyoti Maity | Clickjacking | December 2023 |
| Ishwar Kumar | Enumeration | December 2023 |
| Tijn Heijboer | Reflected XSS | December 2023 |
| Avadhesh Nishad | Open Redirection & Reflected XSS | December 2023 |
| HeRMiT | Reflected XSS | December 2023 |
| Chinmaya Rana | Information Disclosure | December 2023 |
| Raman Mohurle | Subdomain Takeover | January 2024 |
| Kaushal Singh | XSS Vulnerability | January 2024 |
| HeRMiT | Reflected XSS Vulnerability | January 2024 |
| Chinmaya Rana | Broken Link | January 2024 |
| Sanan Gasimzada | XSS and HTML Injection | January 2024 |
| Abdennour Chakifi | HTML Injection | February 2024 |
| Khaled Ben Ali | SQL Injection | February 2024 |
| Avadhesh Nishad | CRLF Injection | February 2024 |
| Harshit Kumar | Invalid Email Account Creation Issue | February 2024 |
| Vinayak Sakhare | Exposed File | February 2024 |
| Joel Mathias | Broken Link Hijacking | February 2024 |
| Mohamed Akees | Broken Link Hijacking | February 2024 |
| Aditya Saxena | Exposed File | February 2024 |
| Miguel Segovia Gil | IDOR | April 2024 |
| Umair Farooqui | Reflected XSS | April 2024 |
| Himanshu Sondhi | WP Issue | May 2024 |

2) Information for reporters

If you have reported an issue that was accepted by Cambridge, but your details are not listed above, please contact [email protected] and include, in the subject line, the reference number you were provided with.

Cambridge University Press & Assessment relies on consent to publish personal information, and will only do so if the reporter asks us to. You may withdraw your consent at any time by contacting [email protected]. For further information about how Cambridge University Press & Assessment processes your personal information, including your rights under data protection law, please see Cambridge University Press & Assessment’s Privacy Notice.

Please note that we only link to security researcher social media profiles. Our trust model does not enable us to link to other websites. Currently, LinkedIn, Twitter and Facebook profile links are accepted. Other social media sites will be reviewed and considered at the point of request.