Imgur Program Statistics

38 total issues disclosed

$29,150 total paid publicly

Most disclosed (10 disclosures) — Cross-site Scripting (XSS) - Generic

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| HTML Injection with XSS possible | Cross-site Scripting (XSS) - Stored | malek | Medium | 2021-04-29 |
| self-xss with ClickJacking can leads to account takeover in Firefox | Cross-site Scripting (XSS) - DOM | keer0k | Low | 2020-11-17 |
| Stored XSS in Post title (PoC) | Cross-site Scripting (XSS) - Stored | zerox4 | Medium | 2020-09-02 |
| SSRF in imgur video GIF conversion | Server-Side Request Forgery (SSRF) | mariuszpoplawski | High | 2020-08-13 |
| Sourcemaps and Unminified Source Code Exposed on Pages | Improper Access Control - Generic | gennaro | Medium | 2020-05-07 |
| Password Reset Link not expiring after changing the email Leads To Account Takeover | Improper Authentication - Generic | alishah | Medium | 2019-12-03 |
| CSRF leads to a stored self xss | Cross-site Scripting (XSS) - Reflected | hogarth45 | Low | 2019-08-30 |
| Stored XSS on imgur profile | Cross-site Scripting (XSS) - Stored | giddsec | Medium | 2019-03-02 |
| can be used to phish for account information | Phishing | kiyell | Low | 2018-09-21 |
| Information disclosure (No rate limting in forgot password & other login) | Information Disclosure | protector47 | No rating | 2018-04-14 |
| Reflected XSS in | Cross-site Scripting (XSS) - Generic | logue | No rating | 2017-10-07 |
| Login to any user account using other facebook app access token | Improper Authentication - Generic | vinothkumar | No rating | 2017-07-24 |
| RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` | Command Injection - Generic | neex | Critical | 2017-04-26 |
| Remote Code Execution on | Code Injection | orange | Critical | 2017-04-16 |
| Stored xss in ALBUM DESCRIPTION | Cross-site Scripting (XSS) - Generic | armaanpathan | Medium | 2017-01-27 |
| Stored XSS in albums on | Cross-site Scripting (XSS) - Generic | strukt | No rating | 2017-01-17 |
| Unauthenticated Docker registry | Improper Authentication - Generic | nathonsecurity | No rating | 2016-11-22 |
| Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event | Cross-site Scripting (XSS) - Generic | fransrosen | No rating | 2016-07-28 |
| Attack User Privacy Settings - X-Frame-Options missing on | UI Redressing (Clickjacking) | kasser | No rating | 2016-05-04 |
| Local file read in image editor | Code Injection | sl1m | No rating | 2016-04-16 |
| SSRF and local file read in video to gif converter | None supplied | sl1m | No rating | 2016-04-16 |
| Persistent XSS in image title | Cross-site Scripting (XSS) - Generic | kasperkarlsson | No rating | 2016-03-31 |
| XSS via React element spoofing | Cross-site Scripting (XSS) - Generic | jouko | No rating | 2016-03-24 |
| Server Side Request Forgery In Video to GIF Functionality | Cross-Site Request Forgery (CSRF) | 1n3 | No rating | 2016-03-22 |
| SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg | Command Injection - Generic | aesteral | No rating | 2016-03-14 |
| SSRF in | Denial of Service | aesteral | No rating | 2016-03-12 |
| risk of having secure=false in a crossdomain.xml | Memory Corruption - Generic | hacker00000000 | No rating | 2016-03-03 |
| Big Bug in SSL : breach compression attack (CVE-2013-3587) affect | Cryptographic Issues - Generic | hacker00000000 | No rating | 2016-01-21 |
| XSS in imgur mobile 3 | Cross-site Scripting (XSS) - Generic | charfee | No rating | 2016-01-21 |
| XSS | Cross-site Scripting (XSS) - Generic | charfee | No rating | 2016-01-21 |
| XSS in imgur mobile | Cross-site Scripting (XSS) - Generic | charfee | No rating | 2016-01-19 |
| Imgur dev environments facing the Internet | Information Disclosure | nathonsecurity | No rating | 2016-01-09 |
| "Sign me out everywhere" does not work for desktop sessions | Cryptographic Issues - Generic | d1pakda5 | No rating | 2015-12-23 |
| Crossdomain.xml settings on too open | Memory Corruption - Generic | kiraak-boy | No rating | 2015-12-09 |
| Open Url redirection on login with facebook | Cryptographic Issues - Generic | d1pakda5 | No rating | 2015-12-09 |
| Csrf near report abuse meme | Cross-Site Request Forgery (CSRF) | nthack | No rating | 2015-12-09 |
| Persistent XSS in and / post statistics | Cross-site Scripting (XSS) - Generic | sleepprogger | No rating | 2015-12-09 |
| Content Sniffing not enabled | Cryptographic Issues - Generic | unknown_cybary | No rating | 2015-12-09 |