| Title | Weakness | Reporter | Severity | Date |
|---|---|---|---|---|
| HTML Injection with XSS possible | Cross-site Scripting (XSS) - Stored | malek | Medium | 2021-04-29 |
| self-xss with ClickJacking can leads to account takeover in Firefox | Cross-site Scripting (XSS) - DOM | keer0k | Low | 2020-11-17 |
| Stored XSS in Post title (PoC) | Cross-site Scripting (XSS) - Stored | zerox4 | Medium | 2020-09-02 |
| SSRF in imgur video GIF conversion | Server-Side Request Forgery (SSRF) | mariuszpoplawski | High | 2020-08-13 |
| Sourcemaps and Unminified Source Code Exposed on Pages | Improper Access Control - Generic | gennaro | Medium | 2020-05-07 |
| Password Reset Link not expiring after changing the email Leads To Account Takeover | Improper Authentication - Generic | alishah | Medium | 2019-12-03 |
| CSRF leads to a stored self xss | Cross-site Scripting (XSS) - Reflected | hogarth45 | Low | 2019-08-30 |
| Stored XSS on imgur profile | Cross-site Scripting (XSS) - Stored | giddsec | Medium | 2019-03-02 |
| Go.imgur.com can be used to phish for account information | Phishing | kiyell | Low | 2018-09-21 |
| Information disclosure (No rate limting in forgot password & other login) | Information Disclosure | protector47 | No rating | 2018-04-14 |
| Reflected XSS in m.imgur.com | Cross-site Scripting (XSS) - Generic | logue | No rating | 2017-10-07 |
| Login to any user account using other facebook app access token | Improper Authentication - Generic | vinothkumar | No rating | 2017-07-24 |
| RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` | Command Injection - Generic | neex | Critical | 2017-04-26 |
| Remote Code Execution on Git.imgur-dev.com | Code Injection | orange | Critical | 2017-04-16 |
| Stored xss in ALBUM DESCRIPTION | Cross-site Scripting (XSS) - Generic | armaanpathan | Medium | 2017-01-27 |
| Stored XSS in albums on http://m.imgur.com/ | Cross-site Scripting (XSS) - Generic | strukt | No rating | 2017-01-17 |
| Unauthenticated Docker registry | Improper Authentication - Generic | nathonsecurity | No rating | 2016-11-22 |
| Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event | Cross-site Scripting (XSS) - Generic | fransrosen | No rating | 2016-07-28 |
| Attack User Privacy Settings - X-Frame-Options missing on m.imgur.com/user/username/settings | UI Redressing (Clickjacking) | kasser | No rating | 2016-05-04 |
| Local file read in image editor | Code Injection | sl1m | No rating | 2016-04-16 |
| SSRF and local file read in video to gif converter | None supplied | sl1m | No rating | 2016-04-16 |
| Persistent XSS in image title | Cross-site Scripting (XSS) - Generic | kasperkarlsson | No rating | 2016-03-31 |
| XSS via React element spoofing | Cross-site Scripting (XSS) - Generic | jouko | No rating | 2016-03-24 |
| Server Side Request Forgery In Video to GIF Functionality | Cross-Site Request Forgery (CSRF) | 1n3 | No rating | 2016-03-22 |
| SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg | Command Injection - Generic | aesteral | No rating | 2016-03-14 |
| SSRF in https://imgur.com/vidgif/url | Denial of Service | aesteral | No rating | 2016-03-12 |
| risk of having secure=false in a crossdomain.xml | Memory Corruption - Generic | hacker00000000 | No rating | 2016-03-03 |
| Big Bug in SSL : breach compression attack (CVE-2013-3587) affect imgur.com | Cryptographic Issues - Generic | hacker00000000 | No rating | 2016-01-21 |
| XSS in imgur mobile 3 | Cross-site Scripting (XSS) - Generic | charfee | No rating | 2016-01-21 |
| XSS m.imgur.com | Cross-site Scripting (XSS) - Generic | charfee | No rating | 2016-01-21 |
| XSS in imgur mobile | Cross-site Scripting (XSS) - Generic | charfee | No rating | 2016-01-19 |
| Imgur dev environments facing the Internet | Information Disclosure | nathonsecurity | No rating | 2016-01-09 |
| "Sign me out everywhere" does not work for desktop sessions | Cryptographic Issues - Generic | d1pakda5 | No rating | 2015-12-23 |
| Crossdomain.xml settings on api.imgur.com too open | Memory Corruption - Generic | kiraak-boy | No rating | 2015-12-09 |
| Open Url redirection on login with facebook | Cryptographic Issues - Generic | d1pakda5 | No rating | 2015-12-09 |
| Csrf near report abuse meme | Cross-Site Request Forgery (CSRF) | nthack | No rating | 2015-12-09 |
| Persistent XSS in https://p.imgur.com/albumview.gif and http://p.imgur.com/imageview.gif / post statistics | Cross-site Scripting (XSS) - Generic | sleepprogger | No rating | 2015-12-09 |
| Content Sniffing not enabled | Cryptographic Issues - Generic | unknown_cybary | No rating | 2015-12-09 |