Security News > 2020 > October > The 10 vulnerabilities most commonly discovered by bug bounty hunters in 2020
HackerOne's list was topped by cross-site scripting, and found improper access control and SSRF vulnerabilities to be climbing in number and risk potential.
Bug bounty platform HackerOne has released its list of the most commonly discovered security vulnerabilities for 2020, with the 10 vulnerabilities listed accounting for $23.5 million in payouts to white hat hackers hunting down bugs and reporting them on its platform.
HackerOne has four key findings that it takes away from the list: The persistent threat of XSS, a rapid rise in improper access control and information disclosure, SSRF vulnerabilities becoming much more dangerous, and a decline in SQL injection attacks.
2020 saw a 26% rise in XSS bug payouts, and XSS accounted for 18% of all bugs reported on HackerOne.
SSRF is usually benign, HackerOne said, with attacks typically just allowing network scanning or access to an administrator panel.