Pornhub Program Statistics


63 total issues disclosed

$92,420 total paid publicly

Most disclosed (22 disclosures) — Cross-site Scripting (XSS) - Generic



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| XSS via JavaScript evaluation of an attacker controlled resource at www.pornhub.com | Cross-site Scripting (XSS) - Generic | wh0ru | Medium | 2021-06-16 |
| View storyboard of private video @ ht.pornhub.com | Information Disclosure | kaimi | No rating | 2020-07-23 |
| Self-XSS to Good-XSS - pornhub.com | Cross-site Scripting (XSS) - Generic | renekroka | High | 2020-05-07 |
| xss | Cross-site Scripting (XSS) - Reflected | linkks | Medium | 2019-06-12 |
| Stored XSS in photo comment functionality | Cross-site Scripting (XSS) - Generic | dudez | High | 2018-10-12 |
| Stored XSS (client-side, using cookie poisoning) on the pornhubpremium.com | Cross-site Scripting (XSS) - Stored | sp1d3rs | Medium | 2018-03-27 |
| Possibility to insert stored XSS inside <img> tag | Cross-site Scripting (XSS) - Stored | malacupa | High | 2017-11-10 |
| Unsecured Elasticsearch Instance | Improper Authentication - Generic | cyber-guard | High | 2017-09-21 |
| Private videos can be added to our playlists | Insecure Direct Object Reference (IDOR) | rahulztez | No rating | 2017-08-23 |
| Reflected XSS on ht.pornhub.com - /export/GetPreview | Cross-site Scripting (XSS) - Reflected | ilsani | Low | 2017-07-10 |
| http://ht.pornhub.com/ stored XSS in widget stylesheet | Cross-site Scripting (XSS) - Generic | ramsexy | High | 2017-07-10 |
| pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss | Cross-site Scripting (XSS) - DOM | kenziy | Low | 2017-07-10 |
| Stored XSS in the any user profile using website link | Cross-site Scripting (XSS) - Stored | sp1d3rs | Medium | 2017-07-07 |
| Partial disclosure of Private Videos through data-mediabook attribute information leak | Information Disclosure | sp1d3rs | Medium | 2017-07-06 |
| XSS on pornhubselect.com | Cross-site Scripting (XSS) - Reflected | txt3rob | No rating | 2017-06-26 |
| Unsecured DB instance | Code Injection | cyber-guard | Critical | 2017-06-13 |
| Reflected XSS in login redirection module | Cross-site Scripting (XSS) - Reflected | aghora | High | 2017-05-15 |
| Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section | Cross-site Scripting (XSS) - Generic | sp1d3rs | Low | 2017-05-12 |
| Blind Stored XSS against Pornhub employees using Amateur Model Program | Cross-site Scripting (XSS) - Stored | sp1d3rs | High | 2017-04-21 |
| Race Condition Vulnerability On Pornhubpremium.com | None supplied | jaydipm | Critical | 2017-04-20 |
| IDOR - disclosure of private videos - /api_android_v3/getUserVideos | Improper Authentication - Generic | cyber-guard | No rating | 2017-03-27 |
| [xss] pornhubpremium.com, /redeem?code= URL endpoint | Cross-site Scripting (XSS) - Generic | jon_bottarini | Medium | 2017-03-16 |
| XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? URL endpoint | Cross-site Scripting (XSS) - Generic | jon_bottarini | Medium | 2017-03-15 |
| vulnerabilitie | Improper Authentication - Generic | r0bbyz | No rating | 2017-02-23 |
| Stored XSS on the http://ht.pornhub.com/widgets/ | Cross-site Scripting (XSS) - Generic | shepard | Medium | 2017-02-20 |
| Reflected cross-site scripting (XSS) vulnerability in pornhub.com allows attackers to inject arbitrary web script or HTML. | Cross-site Scripting (XSS) - Generic | edoverflow | Medium | 2017-02-14 |
| XSS vulnerability using GIF tags | Cross-site Scripting (XSS) - Generic | alberto__segura | High | 2017-02-14 |
| [idor] Profile Admin can pin any other user's post on his stream wall | Improper Authentication - Generic | vijay_kumar1110 | No rating | 2017-02-13 |
| Wordpress Content injection | Command Injection - Generic | babayaga_ | High | 2017-02-06 |
| Debug.log file Exposed to Public \Full Path Disclosure\ | Information Disclosure | babayaga_ | Medium | 2017-02-06 |
| Unsecured Kibana/Elasticsearch instance | Server-Side Request Forgery (SSRF) | cyber-guard | Critical | 2017-01-30 |
| [IDOR] Deleting other users comment | Improper Authentication - Generic | mikkz | No rating | 2016-11-24 |
| [IDOR] post to anyone even if their stream is restricted to friends only | Improper Authentication - Generic | mikkz | No rating | 2016-11-11 |
| [idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs) | Improper Authentication - Generic | vijay_kumar1110 | No rating | 2016-11-05 |
| Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box | Improper Authentication - Generic | cyber-guard | No rating | 2016-10-28 |
| Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint | Privilege Escalation | mikkz | No rating | 2016-10-25 |
| [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com | Information Disclosure | 5haked | No rating | 2016-10-03 |
| XSS ReflectedGET /*embed_player*? | Cross-site Scripting (XSS) - Generic | clubjk | No rating | 2016-10-03 |
| XSS Reflected incategories*p | Cross-site Scripting (XSS) - Generic | clubjk | No rating | 2016-10-03 |
| SSRF & XSS (W3 Total Cache) | Cross-site Scripting (XSS) - Generic | jouko | No rating | 2016-10-03 |
| [stored xss, pornhub.com] stream post function | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-09-24 |
| Unsecured Grafana instance | Improper Authentication - Generic | cyber-guard | No rating | 2016-09-20 |
| [crossdomain.xml] Dangerous Flash Cross-Domain Policy | Information Disclosure | zephrfish | No rating | 2016-09-12 |
| HTTP Track/Trace Method Enabled | Information Disclosure | zephrfish | No rating | 2016-08-17 |
| [ssrf] libav vulnerable during conversion of uploaded videos | Information Disclosure | agarri_fr | No rating | 2016-08-15 |
| (Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access | Code Injection | dremos | No rating | 2016-07-27 |
| [phpobject in cookie] Remote shell/command execution | Code Injection | static | No rating | 2016-07-27 |
| Weak user aunthentication on mobile application - I just broken userKey secret password | Improper Authentication - Generic | jahrek | No rating | 2016-07-27 |
| RCE Possible Via Video Manager Export using @ character in Video Title | Command Injection - Generic | zephrfish | No rating | 2016-07-04 |
| Same-Origin Method Execution bug in plupload.flash.swf on /insights | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-06-28 |
| Reflected XSS by way of jQuery function | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-06-28 |
| Publicly exposed SVN repository, ht.pornhub.com | Code Injection | mak | No rating | 2016-06-26 |
| CSV Macro injection in Video Manager (CEMI) | Command Injection - Generic | awake | No rating | 2016-06-22 |
| Public Facing Barracuda Login | Cryptographic Issues - Generic | zephrfish | No rating | 2016-06-22 |
| Multiple endpoints are vulnerable to XML External Entity injection (XXE) | Denial of Service | mak | No rating | 2016-06-22 |
| PornIQ Reflected Cross-Site Scripting | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-06-22 |
| Unauthenticated access to Content Management System - www1.pornhubpremium.com | Command Injection - Generic | mak | No rating | 2016-05-27 |
| [xss, pornhub.com] /user/[username], multiple parameters | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-05-26 |
| Cross Site Scripting - On Mouse Over, Blog page | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-05-26 |
| Reflected Cross-Site Scripting on French subdomain | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-05-26 |
| Unprotected Memcache Installation running | Improper Authentication - Generic | zephrfish | No rating | 2016-05-26 |
| Cross Site Scripting – Album Page | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-05-23 |
| [reflected xss, pornhub.com] /blog, any | Cross-site Scripting (XSS) - Generic | zephrfish | No rating | 2016-05-23 |