Seznam Security Hall of Fame

Acknowledgments

At Seznam, security is a priority. We recognize and appreciate the individuals who have helped make Seznam safer by reporting vulnerabilities. The following list acknowledges those who have responsibly disclosed vulnerabilities to us:

---

• (19-10-2025) Jan Jarolím - Payment Process Tampering (reward: 4 000 CZK)
• (05-10-2025) Adam Šimáček - Self and Stored XSS (Low impact, reward: 2 000 CZK)
• (28-09-2025) Adam Šimáček - Stored XSS (Low impact, HoF only)
• (16-09-2025) Rio Mulyadi Pulungan - Blind XSS (reward: 9 000 CZK)
• (28-08-2025) Rio Mulyadi Pulungan - 3-Click Stored XSS (reward: 7 000 CZK)
• (20-08-2025) Kafi Mohammad Tamim - HTML Injection (reward: 20 000 CZK)
• (20-08-2025) Josef Mruzek - 2-Click Reflected XSS (reward: 6 000 CZK)
• (19-08-2025) Radja Aditya Chandra - POST-Based XSS (reward: 8 000 CZK)
• (18-08-2025) Rio Mulyadi Pulungan - 0-Click Remote Code Execution (reward: 20 000 CZK)
• (08-08-2025) Radja Aditya Chandra - Reflected XSS (reward: 10 000 CZK)
• (07-08-2025) Rio Mulyadi Pulungan - Reflected XSS and Open Redirect (reward: 8 000 CZK)
• (07-08-2025) Radja Aditya Chandra - Time-Based SQL Injection (reward: 7 000 CZK)
• (07-08-2025) Radja Aditya Chandra - Reflected and Self XSS (reward: 7 000 CZK)
• (01-08-2025) Radja Aditya Chandra - HTML Injection (reward: 2 000 CZK)
• (31-07-2025) Rio Mulyadi Pulungan - Authorization Bypass and Information Disclosure (reward: 2 000 CZK)
• (31-07-2025) Rio Mulyadi Pulungan - Error-Based SQL Injection (Low impact, HoF only)
• (30-07-2025) Radja Aditya Chandra - Potential Denial of Service and HTML Injection (reward: 2 000 CZK)
• (28-07-2025) Taufiq Kurrahman - 2 Click Stored XSS (reward: 4 000 CZK)
• (28-07-2025) Rio Mulyadi Pulungan - Authorization Bypass and Self Stored XSS (reward: 9 000 CZK)
• (24-07-2025) Kafi Mohammad Tamim - Multiple Time-Based SQL Injections (reward: 10 000 CZK)
• (23-07-2025) Reza Sulaiman - Wormable Stored XSS (reward: 4 000 CZK)
• (23-07-2025) Rio Mulyadi Pulungan - Stored XSS on Multiple Subdomains (reward: 10 000 CZK)
• (18-07-2025) Adam Šimáček - DOM-based Stored XSS (reward: 2 000 CZK)
• (17-07-2025) Rio Mulyadi Pulungan - 1-Click Reflected XSS Fix Bypass (reward: 2 000 CZK)
• (08-07-2025) Tadeáš Porš - Boolean-based SQL Injection (Low impact, reward: 4 000 CZK)
• (07-07-2025) Rio Mulyadi Pulungan - Self XSS and Stored XSS Fix Bypass (reward: 10 000 CZK)
• (06-07-2025) Haikal Rizky - Self XSS (reward: 2 000 CZK)
• (05-07-2025) Rio Mulyadi Pulungan - Multiple Stored & Reflected XSS Vulnerabilities and Exposed Unauthorized Adminweb (reward: 46 000 CZK)
• (01-07-2025) Kafi Mohammad Tamim - Open Redirect (reward: 2 000 CZK)
• (20-06-2025) Adam Šimáček - Self XSS (reward: 4 000 CZK)
• (13-06-2025) Rio Mulyadi Pulungan - Open Redirect (reward: 3 000 CZK)
• (11-06-2025) Rio Mulyadi Pulungan - HTML Injection and Multiple Stored XSS (reward: 12 000 CZK)
• (26-05-2025) Rio Mulyadi Pulungan - Self XSS (reward: 4 000 CZK)
• (26-05-2025) Taufiq Kurrahman - E-Mail Spoofing and HTML Injection (reward: 2 000 CZK)
• (22-05-2025) Kafi Mohammad Tamim - Sensitive SQL Dump File (reward: 20 000 CZK)
• (12-05-2025) Kafi Mohammad Tamim - Server-Side Open Redirect
• (09-05-2025) Kafi Mohammad Tamim - SQL Injection and POST-based Open Redirect (reward: 30 000 CZK)
• (05-05-2025) Kafi Mohammad Tamim - Broken Link Hijacking and Server-Side Open Redirect (reward: 3 000 CZK)
• (11-04-2025) Kafi Mohammad Tamim - Reflected XSS (reward: 10 000 CZK)
• (24-03-2025) Jaroslav Kotík - Email Spoofing Fix Bypass (reward: 10 000 CZK after bounty split)
• (24-03-2025) Adam Hlavica - Email Spoofing Fix Bypass (reward: 10 000 CZK after bounty split)
• (24-01-2025) Jaroslav Kotík - Email Spoofing (reward: 20 000 CZK after bounty split)
• (24-01-2025) Adam Hlavica - Email Spoofing (reward: 20 000 CZK after bounty split)
• (23-09-2024) Marek Tóth - 2FA Bypass and Blind XSS Vulnerability (reward: 25 000 CZK)
• (20-08-2024) Marek Tóth - Multiple Authentication Bypass and Stored XSS Vulnerabilities (reward: 150 000 CZK)
• (10-08-2024) Pushkar Nandwalkar - HTML Injection (reward: 3 000 CZK + bonus)
• (31-05-2024) Prokop Schovanec - DOM-based XSS (reward: 11 000 CZK)
• (29-04-2024) David Nechuta - Multiple Reflected XSS Vulnerabilities (reward: 16 000 CZK)
• (04-04-2024) Martin Řepa - Multiple Information Disclosure and XSS Vulnerabilities (reward: 30 000 CZK)
• (21-11-2023) Jan Oupický - User Enumeration with Partial Disclosure (reward: 7 000 CZK after bounty split)
• (30-10-2023) Petr Paroubek - 1-Click Reflected XSS (reward: 10 000 CZK + bonus)
• (20-09-2023) Ondřej Cach - Phishing on Trustworthy Sandbox Domain via Stored XSS (reward: 4 000 CZK + bonus)
• (06-08-2023) Adam Šimáček - Reflected XSS (reward: 25 000 CZK)
• (18-01-2023) Marek Tóth - Multiple Session Hijacking Vulnerabilities (reward: 35 000 CZK)
• (01-10-2020) Marek Tóth - Multiple Reflected XSS
• (17-06-2020) Marek Tóth - Reflected XSS
• (09-06-2020) Marek Tóth - Session Hijacking via CORS Misconfiguration

---