Sprint naar content
Kwetsbaarheid melden bij Fontys (Responsible Disclosure / CVD)

Fontys Wall of Fame

Acknowledgements to all reporters acting accordingly our Coordinated Vulnerability Disclosure policy
(formerly known as: Responsible Disclosure)

[English] Fontys is grateful to the following researchers who have responsibly disclosed vulnerabilities on our systems and services:
[Dutch] Fontys bedankt de volgende onderzoekers voor hun op verantwoorde manier kenbaar maken van een gevonden kwetsbaarheid in onze systemen en/of diensten:

2026

  • Miguel Almeida Antune (-) 06-01-2026 - Application vulnerability

2025

  • Takshal Patel (-) 13-01-2025 - Information disclosure
  • Krrish Bajaj (-) 10-02-2025 - Social media username takeover vulnerability
  • Herry Poter herrypoter8866 (-) -17-02-2025 - Javascript
  • Naksh Raja (-) 14-04-2025 - Mismatched SSL Certificate
  • Naksh (-) 01-07-2025 - SSL Certificate - hostname
  • lolzpro766 (-) 27-10-2025 - SSH key

2024

  • Eelke Sneijders (Linkedin) 13-03-2024 - Information disclosure
  • Jasper Brouwer (LinkedIn??) 26-06-2024 - Missing App Service
  • root herrypoter8866 (LinkedIn??) 27-08-2024 - cors-misconfig
  • Kaloyan Andreev (LinkedIn??) 21-10-2024 - Disclosure information
  • Manas Harsh (-) 06-12-2024 - Exposure user data

2023

  • Matthijs Broeders (-) 17-03-2023 - Unauthorised access to url
  • Abhishrey Gupta (-) 27-03-2023 - Reflected XSS
  • Oussama Kasmi (-) 03-07-2023 - Reflected XSS
  • Rick Verdoes (-) 03-07-2023 - XSS
  • johnk3r (-) 05-07-2023 - XSS
  • KandarpDave (-) 17-07-2023 - Disclosure API key / admin panel
  • Asif Nawaz Minhas (LinkedIn) 16-11-2023 - Reflected XSS
  • Ruben Meeuwissen (LinkedIn) 21-12-2023 - Reflected XSS

2022

  • Sohaib (-) 12-01-2022 - Missing headers
  • Ivan Rimbow (-) 05-07-2022 - Access AD
  • Siebren Kraak (-) 12-12-2022 - Accounts not deleted

2021

  • Maarten Dekker (-) 12-01-2021 - Email spoofing
  • Robin van den Hurk (-) 16-04-2021 - Kwetsbaarheid FHICT systeem
  • Harinder Singh (-) 11-06-2021 - Open metrics information
  • Siddharth Mittal (-) 26-07-2021 - Disclosure information
  • Anas Sohail (-) 18-11-2021 - Broken link Hijacking

2020

  • Imran (-) 17-01-2020 - Same-Site Scripting
  • Gulhameed (-) 14-02-2020 - Same- Site Scripting
  • Ankita Jagadish Pawar (-) 04-03-2020 - XSS
  • Aamir Khan (-) 01-04-2020 - XSS
  • Pritam Mukherjee ( LinkedIn) 14-04-2020 - iFrame injection & XSS
  • Anurag Muley (-) 16-04-2020 - Email Spoofing
  • Robert Aaron (-) 23-04-2020 - Clickjacking
  • Ritik Chaddha (-) 04-05-2020 - XSS
  • Siddhesh Tungatkar (-) 06-05-2020 - Broken link Hijacking
  • Priyanka Bamne (-) 08-05-2020 - Disclosing details
  • Jaydeep Nasit (-) 20-05-2020 - XSS+html injection
  • Cheryl Maise Lobo (-) 25-05-2020 - API-key disclosure
  • Ayush Badheka (-) 19-06-2020 - Active mixed content
  • Rikesh Baniya (-) 13-07-2020 - XSS+html injection
  • Gawa Sharks (-) 14-07-2020 - Broken link Hijacking
  • Muhammad Julfikar Hyder (-) 07-08-2020 - Missing DNS / SPF
  • Saiful Islam (-) 10-08-2020 - Broken Authentication (token not expired)
  • Oussama (-) 10-08-2020 - Unauthenticated file read/deletion
  • Pranav Bhandari (-) 10-09-2020 - Path Traversal Vulnerability
  • Abdullah Al Mamun (-) 21-9-2020 - Disclosure data

2019

  • Ratnadip Gajbhiye (-) 10-01-2019 - Web Server Version Disclosure
  • Virendra Yadav (-) 06-03-2019 - Email Spoofing
  • Mohsin Ali (-) 08-03-2019 - Tabnabbing
  • Pethuraj M (-) 08-03-2019 - XSS
  • Ruben van Vreeland (-) 08-03-2019 - SQL injection
  • Gaurav Kumar (-) 11-03-2019 - Disclosing details
  • Kirtikumar Anandrao Ramchandani (-) 11-03-2019 - Preload HSTS
  • Chetan Tiwari (-) 11-03-2019 - Disclose information
  • Maham Farizul (-) 25-03-2019 - Prevent misissuance of a certificate
  • KhizarUl Haq (-) 14-04-2019 - SPF
  • Vasantha Kumar SP (-) 04-06-2019 - HTTP connections
  • Deep Yadav (-) 19-06-2019 - Disclosure information
  • Asif Hossain (-) 25-10-2019 - Same-Site Scripting
  • Ayan Saha (-) 12-12-2019 - Same-Site Scripting

2018

  • Kasper Karlsson (-) 20-03-2018 - One event page vulnerable for XSS
  • Navdeep Singh (-) 13-04-2018 25-09-2018 - XSS
  • Dhruv Mankad (-) 05-06-2018 - URL Obfuscation
  • Mohammed Israil (-) 25-06-2028 - Email Spoofing
  • Pal Patel (-) 27-06-2018 - Missing heading setting
  • Ninad Mathpati (-) 29-6-2018 - Clickjacking
  • Anil Vaghasiya (-) 02-07-2018 - Email Spoofing
  • Bijan Murmu (-) 23-07-2018 - Content-spoofing
  • Yassine Nafiai (-) 10-08-2018 - Email Spoofing
  • Mohammed Adam (-) 28-08-2018 - Clickjacking
  • Virendra Tiwari (-) 29-08-2018 - Clickjacking
  • Siddhant Vyas (-) 29-08-2018 - Clickjacking & Lenient SPF filtering
  • Pal Patel (-) 14-09-2018 - Missing heading setting
  • Hritik Sharma (-) 25-09-2018 - Clickjacking
  • Sahil Mehra (-) 27-09-2018 - Clickjacking
  • Shankar Acharya (-) 01-10-2018 - DNS misconfiguration & Configuration file disclosure
  • Vyshnav Nk (-) 03-10-2018 - Host header injection/redirection
  • Youssef Abyaa (-) 04-10-2018 - Reflected XSS