XSS via JavaScript evaluation of an attacker controlled resource at www.pornhub.com |
Cross-site Scripting (XSS) - Generic |
wh0ru |
Medium |
2021-06-16 |
View storyboard of private video @ ht.pornhub.com |
Information Disclosure |
kaimi |
No rating |
2020-07-23 |
Self-XSS to Good-XSS - pornhub.com |
Cross-site Scripting (XSS) - Generic |
renekroka |
High |
2020-05-07 |
xss |
Cross-site Scripting (XSS) - Reflected |
linkks |
Medium |
2019-06-12 |
Stored XSS in photo comment functionality |
Cross-site Scripting (XSS) - Generic |
dudez |
High |
2018-10-12 |
Stored XSS (client-side, using cookie poisoning) on the pornhubpremium.com |
Cross-site Scripting (XSS) - Stored |
sp1d3rs |
Medium |
2018-03-27 |
Possibility to insert stored XSS inside <img> tag |
Cross-site Scripting (XSS) - Stored |
malacupa |
High |
2017-11-10 |
Unsecured Elasticsearch Instance |
Improper Authentication - Generic |
cyber-guard |
High |
2017-09-21 |
Private videos can be added to our playlists |
Insecure Direct Object Reference (IDOR) |
rahulztez |
No rating |
2017-08-23 |
Reflected XSS on ht.pornhub.com - /export/GetPreview |
Cross-site Scripting (XSS) - Reflected |
ilsani |
Low |
2017-07-10 |
http://ht.pornhub.com/ stored XSS in widget stylesheet |
Cross-site Scripting (XSS) - Generic |
ramsexy |
High |
2017-07-10 |
pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss |
Cross-site Scripting (XSS) - DOM |
kenziy |
Low |
2017-07-10 |
Stored XSS in the any user profile using website link |
Cross-site Scripting (XSS) - Stored |
sp1d3rs |
Medium |
2017-07-07 |
Partial disclosure of Private Videos through data-mediabook attribute information leak |
Information Disclosure |
sp1d3rs |
Medium |
2017-07-06 |
XSS on pornhubselect.com |
Cross-site Scripting (XSS) - Reflected |
txt3rob |
No rating |
2017-06-26 |
Unsecured DB instance |
Code Injection |
cyber-guard |
Critical |
2017-06-13 |
Reflected XSS in login redirection module |
Cross-site Scripting (XSS) - Reflected |
aghora |
High |
2017-05-15 |
Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section |
Cross-site Scripting (XSS) - Generic |
sp1d3rs |
Low |
2017-05-12 |
Blind Stored XSS against Pornhub employees using Amateur Model Program |
Cross-site Scripting (XSS) - Stored |
sp1d3rs |
High |
2017-04-21 |
Race Condition Vulnerability On Pornhubpremium.com |
None supplied |
jaydipm |
Critical |
2017-04-20 |
IDOR - disclosure of private videos - /api_android_v3/getUserVideos |
Improper Authentication - Generic |
cyber-guard |
No rating |
2017-03-27 |
[xss] pornhubpremium.com, /redeem?code= URL endpoint |
Cross-site Scripting (XSS) - Generic |
jon_bottarini |
Medium |
2017-03-16 |
XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? URL endpoint |
Cross-site Scripting (XSS) - Generic |
jon_bottarini |
Medium |
2017-03-15 |
vulnerabilitie |
Improper Authentication - Generic |
r0bbyz |
No rating |
2017-02-23 |
Stored XSS on the http://ht.pornhub.com/widgets/ |
Cross-site Scripting (XSS) - Generic |
shepard |
Medium |
2017-02-20 |
Reflected cross-site scripting (XSS) vulnerability in pornhub.com allows attackers to inject arbitrary web script or HTML. |
Cross-site Scripting (XSS) - Generic |
edoverflow |
Medium |
2017-02-14 |
XSS vulnerability using GIF tags |
Cross-site Scripting (XSS) - Generic |
alberto__segura |
High |
2017-02-14 |
[idor] Profile Admin can pin any other user's post on his stream wall |
Improper Authentication - Generic |
vijay_kumar1110 |
No rating |
2017-02-13 |
Wordpress Content injection |
Command Injection - Generic |
babayaga_ |
High |
2017-02-06 |
Debug.log file Exposed to Public \Full Path Disclosure\ |
Information Disclosure |
babayaga_ |
Medium |
2017-02-06 |
Unsecured Kibana/Elasticsearch instance |
Server-Side Request Forgery (SSRF) |
cyber-guard |
Critical |
2017-01-30 |
[IDOR] Deleting other users comment |
Improper Authentication - Generic |
mikkz |
No rating |
2016-11-24 |
[IDOR] post to anyone even if their stream is restricted to friends only |
Improper Authentication - Generic |
mikkz |
No rating |
2016-11-11 |
[idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs) |
Improper Authentication - Generic |
vijay_kumar1110 |
No rating |
2016-11-05 |
Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box |
Improper Authentication - Generic |
cyber-guard |
No rating |
2016-10-28 |
Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint |
Privilege Escalation |
mikkz |
No rating |
2016-10-25 |
[RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com |
Information Disclosure |
5haked |
No rating |
2016-10-03 |
XSS ReflectedGET /*embed_player*? |
Cross-site Scripting (XSS) - Generic |
clubjk |
No rating |
2016-10-03 |
XSS Reflected incategories*p |
Cross-site Scripting (XSS) - Generic |
clubjk |
No rating |
2016-10-03 |
SSRF & XSS (W3 Total Cache) |
Cross-site Scripting (XSS) - Generic |
jouko |
No rating |
2016-10-03 |
[stored xss, pornhub.com] stream post function |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-09-24 |
Unsecured Grafana instance |
Improper Authentication - Generic |
cyber-guard |
No rating |
2016-09-20 |
[crossdomain.xml] Dangerous Flash Cross-Domain Policy |
Information Disclosure |
zephrfish |
No rating |
2016-09-12 |
HTTP Track/Trace Method Enabled |
Information Disclosure |
zephrfish |
No rating |
2016-08-17 |
[ssrf] libav vulnerable during conversion of uploaded videos |
Information Disclosure |
agarri_fr |
No rating |
2016-08-15 |
(Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access |
Code Injection |
dremos |
No rating |
2016-07-27 |
[phpobject in cookie] Remote shell/command execution |
Code Injection |
static |
No rating |
2016-07-27 |
Weak user aunthentication on mobile application - I just broken userKey secret password |
Improper Authentication - Generic |
jahrek |
No rating |
2016-07-27 |
RCE Possible Via Video Manager Export using @ character in Video Title |
Command Injection - Generic |
zephrfish |
No rating |
2016-07-04 |
Same-Origin Method Execution bug in plupload.flash.swf on /insights |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-06-28 |
Reflected XSS by way of jQuery function |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-06-28 |
Publicly exposed SVN repository, ht.pornhub.com |
Code Injection |
mak |
No rating |
2016-06-26 |
CSV Macro injection in Video Manager (CEMI) |
Command Injection - Generic |
awake |
No rating |
2016-06-22 |
Public Facing Barracuda Login |
Cryptographic Issues - Generic |
zephrfish |
No rating |
2016-06-22 |
Multiple endpoints are vulnerable to XML External Entity injection (XXE) |
Denial of Service |
mak |
No rating |
2016-06-22 |
PornIQ Reflected Cross-Site Scripting |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-06-22 |
Unauthenticated access to Content Management System - www1.pornhubpremium.com |
Command Injection - Generic |
mak |
No rating |
2016-05-27 |
[xss, pornhub.com] /user/[username], multiple parameters |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-05-26 |
Cross Site Scripting - On Mouse Over, Blog page |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-05-26 |
Reflected Cross-Site Scripting on French subdomain |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-05-26 |
Unprotected Memcache Installation running |
Improper Authentication - Generic |
zephrfish |
No rating |
2016-05-26 |
Cross Site Scripting – Album Page |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-05-23 |
[reflected xss, pornhub.com] /blog, any |
Cross-site Scripting (XSS) - Generic |
zephrfish |
No rating |
2016-05-23 |