Acknowledgements

The BBC wishes to thank the following Security Researchers who have participated in our Vulnerability Disclosure Programme:

2019

| Researcher | Vulnerability | Date |
|---|---|---|
| Wasim Shaikh | XSS Vulnerability | May 2019 |
| Acelakshit verma | XSS Vulnerability | May 2019 |
| Angel Tsvetkov | XSS Reflected Vulnerability | April 2019 |
| Pethuraj M | Reflected XSS Vulnerability | April 2019 |
| Jayateertha G | XSS Vulnerability | April 2019 |
| Dhrudeep Patel | Open redirect Vulnerability | March 2019 |
| Wai Yan Aung | XSS Vulnerability | March 2019 |
| Vineet Kumar | Sub-domain takeover | March 2019 |
| Anjali Patil | XSS Vulnerability | March 2019 |
| Ashish Kunwar | Information disclosure | March 2019 |
| EdOverflow | XSS Vulnerability | March 2019 |
| Nathan Mahdavi | Transcoder exposed | February 2019 |
| B. Franklin | Vulnerable configuration | February 2019 |
| Nicholas Dine | XSS Vulnerability | February 2019 |
| Anurag Jain | GitHub exposed | January 2019 |
| Damian Schwyrz | Multiple XSS Vulnerabilities | January 2019 |

2018 

| Researcher | Vulnerability | Date |
|---|---|---|
| Dan Kelley | GET-based Reflective XSS | December 2018 |
| Varun Thorat | Open Redirection resulting in phishing & XSS attacks | December 2018 |
| Eric Head | XSS vulnerability | November 2018 |
| Cyberanteater | XSS vulnerability | November 2018 |
| Avinash Jain | XSS vulnerability | November 2018 |
| Pranshu Tiwari | CSRF vulnerability | November 2018 |
| Diego Moicano | XSS vulnerability | October 2018 |
| Trung Nguyen | Sub-domain takeover | October 2018 |
| Hrishikesh Panse | XSS vulnerability | October 2018 |
| Sébastien Kaul | Vulnerable PHP configuration | October 2018 |
| Puneet Kumar Maurya | SPF records missing | September 2018 |
| JubaBaghdad | XSS vulnerability | September 2018 |
| Dhiraj Mishra | Account takeover | September 2018 |
| Efkan Gökbas | Vulnerability via SWF File | September 2018 |
| Kunal Bahl | Improper session validation | September 2018 |
| Saubhagya Srivastava | Session fixation | September 2018 |
| Kenan GUMUS | XSS vulnerability | September 2018 |
| B.Dhiyaneshwaran | Directory disclosure | September 2018 |
| Alfie Njeru | Insufficient access controls, XSS | August 2018 |
| Michael Skelton | Sub-domain takeover | August 2018 |
| Robbie Wiggins | Sub-domain takeover | August 2018 |
| Thijs Baart | XSS vulnerability | August 2018 |
| Sean Roesner | XSS vulnerability | August 2018 |
| Sam Gilder | Web cache poisoning | August 2018 |
| Nicolas Francois | XSS vulnerability | August 2018 |
| Zeeshan Khalid | Reflected XSS vulnerability | August 2018 |
| Joby John | Public Trello Boards | August 2018 |
| Christoph Kisfeld | XSS vulnerability | August 2018 |
| Pedro Cardoso | XSS vulnerability | August 2018 |
| Naveen.v | Information disclosure | August 2018 |

Reporters: please note that we are currently backfilling this page with reporter information. If you have reported a vulnerability which has been accepted and your details are not here already but you would like them to be, please contact security@bbc.co.uk and include the reference number you were provided with along with the name/handle and a link to a social media account if you wish that to appear here.

The BBC relies on consent to publish the personal information of researchers online. We will include a link to the researchers’ social media profiles, but only if the researcher asks us to do so. The researcher can withdraw their consent at any time by contacting security@bbc.co.uk. For further information about how the BBC processes your personal information including your rights under data protection law, please see the BBC’s privacy policy available here: https://www.bbc.co.uk/usingthebbc/privacy/