X (Formerly Twitter) Program Statistics

View program

215 total issues disclosed

$319,839 total paid publicly

Most disclosed (34 disclosures) — Cross-site Scripting (XSS) - Generic

Disclosed Reports

Report Title Vulnerability Type Disclosed By Severity Disclosed on
[Bypass fixed #664038 and #519059] Application settings change settings that have been set by the user Business Logic Errors jaka_tingkir Medium 2021-07-13
Blind XSS on Twitter's internal Big Data panel at █████████████ Cross-site Scripting (XSS) - Stored iambouali Critical 2021-07-09
Ability to add arbitrary images/descriptions/titles to ohter people's issues via IDOR on getrevue.co Insecure Direct Object Reference (IDOR) mirhat Critical 2021-05-26
Bypass t.co link shortener in Twitter direct messages Business Logic Errors iambouali Low 2021-05-18
Open Redirect on https://www.twitterflightschool.com/widgets/experience?destination_url=https://evil.com Open Redirect nagli Low 2021-05-04
Github Account hijack through broken link in developer.twitter.com Phishing voatz High 2021-02-04
Read-only application can publish/delete fleets Privilege Escalation ryotak Medium 2021-01-04
Delete direct message history without access the proper conversation_id Business Logic Errors soareswallace Low 2020-11-20
http request smuggling in twitter.com HTTP Request Smuggling protostar0 High 2020-11-18
Twitter Media Studio Source Information Disclosure With Analyst Role Information Disclosure gokay Medium 2020-10-26
XSS via referrer parameter Cross-site Scripting (XSS) - Reflected keer0k Medium 2020-10-26
Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506 Cross-site Scripting (XSS) - Generic alesandroortiz High 2020-09-24
http request smuggling in pscp.tv and periscope.tv HTTP Request Smuggling protostar0 High 2020-09-11
Safe Redirect Bypass Security Through Obscurity cyanpiny Low 2020-09-10
Denial of Service | twitter.com & mobile.twitter.com Denial of Service cyanpiny Medium 2020-09-02
Insufficient validation on Digits bridge Improper Authentication - Generic filedescriptor No rating 2020-08-20
Private list members disclosure via GraphQL Improper Access Control - Generic ryotak Low 2020-08-04
Private list members disclosure via GraphQL Improper Access Control - Generic ryotak Low 2020-08-04
Private list members disclosure via GraphQL Improper Access Control - Generic ryotak Low 2020-08-04
Private list members disclosure via GraphQL Improper Access Control - Generic ryotak Low 2020-08-04
Private list members disclosure via GraphQL Improper Access Control - Generic ryotak Low 2020-08-04
Private list members disclosure via GraphQL Improper Access Control - Generic ryotak Low 2020-08-04
Denial of Service [Chrome] Denial of Service cyanpiny Medium 2020-07-24
Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques} Brute Force updatelap Low 2020-07-10
暴力破解用户密码没有速率控制 Unverified Password Change 1735096419 Medium 2020-07-01
Bypassing Digits origin validation which leads to account takeover Improper Authentication - Generic filedescriptor No rating 2020-06-24
character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error Denial of Service exit_n0de Medium 2020-05-06
Periscope iOS app CSRF in follow action due to deeplink Cross-Site Request Forgery (CSRF) mgf15 Low 2020-04-01
User input validation can lead to DOS Denial of Service meepmerp Medium 2020-03-27
Reset password without knowing current password Weak Password Recovery Mechanism for Forgotten Password naategh Low 2020-03-25
Accepting error message on twitter sends you to attacker site Open Redirect safehacker_27 Medium 2020-03-13
lack of input validation that can lead Denial of Service (DOS) Denial of Service meepmerp Medium 2020-03-12
NO username used in authenthication to www.mopub.com leading to direct password submission which has unlimited submission rate. None supplied adarsh_p Medium 2020-02-28
Reflected XSS in twitterflightschool.com Cross-site Scripting (XSS) - Reflected jubabaghdad None 2020-02-21
Twitter Source Label allow 'mongolian vowel separator' U+180E (app name) Phishing lorenznickel Low 2020-02-21
Periscope android app deeplink leads to CSRF in follow action Cross-Site Request Forgery (CSRF) kunal94 Low 2020-02-21
Bypass Password Authentication for updating email and phone number - Security Vulnerability Improper Authentication - Generic jayesh25 High 2020-02-08
Creating malformed URLs via new line character in-between two URLs leads to misrepresented hyperlinks in Tweets/DMs CRLF Injection zlz Low 2020-01-24
protected Tweet settings overwritten by other settings None supplied jaka_tingkir Medium 2020-01-01
CRLF injection None supplied s3c Medium 2019-12-25
CRLF injection None supplied s3c Medium 2019-12-25
XSS on https://app.mopub.com/reports/custom/add/ [new-d1] None supplied c00lbugs No rating 2019-12-07
Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App UI Redressing (Clickjacking) slickrockweb High 2019-10-31
Ability to perform actions (Tweet, Retweet, DM) and other actions, unauthenticated, on any account with SMS enabled. Business Logic Errors antisocial_eng Critical 2019-09-27
XSS and Open Redirect on MoPub Login Open Redirect jackb898 No rating 2019-09-25
Github Token Leaked publicly for https://github.com/mopub Cleartext Storage of Sensitive Information moro139 Medium 2019-08-16
Potential pre-auth RCE on Twitter VPN OS Command Injection orange Critical 2019-08-10
Potential pre-auth RCE on Twitter VPN OS Command Injection orange Critical 2019-08-10
Potential pre-auth RCE on Twitter VPN OS Command Injection orange Critical 2019-08-10
Twitter Periscope Clickjacking Vulnerability UI Redressing (Clickjacking) eo420 Medium 2019-07-10
Verify any unused email address Improper Access Control - Generic seifelsallamy No rating 2019-06-24
IDOR and statistics leakage in Orders Insecure Direct Object Reference (IDOR) updatelap Medium 2019-06-14
Twitter ID exposure via error-based side-channel attack Privacy Violation terjanq Medium 2019-05-17
XSS via Direct Message deeplinks Cross-site Scripting (XSS) - DOM 0xsobky No rating 2019-05-09
XSS and cache poisoning via upload.twitter.com on ton.twitter.com Cross-site Scripting (XSS) - Generic filedescriptor No rating 2019-05-02
[Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable Denial of Service filedescriptor No rating 2019-04-25
Insufficient OAuth callback validation which leads to Periscope account takeover Improper Authentication - Generic filedescriptor No rating 2019-04-10
Stored XSS on reports. Cross-site Scripting (XSS) - Stored giddsec High 2019-04-01
url that twitter mobile site can not load Denial of Service seifelsallamy Low 2019-03-19
Takeover of Twitter-owned domain at mobileapplinking.com Business Logic Errors healdb None 2019-02-28
Changing email address on Twitter for Android unsets "Protect your Tweets" Privacy Violation nyuszika7h Low 2019-01-18
[staging-engineering.gnip.com] Publicly accessible GIT directory Information Disclosure bobrov Medium 2018-11-01
Account Takeover in Periscope TV Cross-site Scripting (XSS) - Generic ngalog High 2018-09-06
Account Takeover in Periscope TV Cross-site Scripting (XSS) - Generic ngalog High 2018-09-06
Incorrect param parsing in Digits web authentication Improper Authentication - Generic filedescriptor No rating 2018-08-18
Improper session handling on web browsers Insufficient Session Expiration arjuniet Medium 2018-06-27
No Rate Limit in email leads to huge Mass mailings Business Logic Errors trabajoduro_2 Low 2018-06-02
Highly wormable clickjacking in player card UI Redressing (Clickjacking) filedescriptor No rating 2018-05-18
Highly wormable clickjacking in player card UI Redressing (Clickjacking) filedescriptor No rating 2018-05-18
ms5 debug page exposing internal info (internal IPs, headers) Information Exposure Through Debug Information lukeberner Medium 2018-05-11
[sms-be-vip.twitter.com] vulnerable to Jetleak Information Disclosure molejarka No rating 2018-04-02
Urgent : Unauthorised Access to Media content of all Direct messages and protected tweets(Indirect object reference) Improper Authentication - Generic vijay_kumar1110 High 2018-03-22
CVE-2017-15277 on Profile page Information Disclosure emitrani Low 2018-03-08
Persistent DOM-based XSS in https://help.twitter.com via localStorage Cross-site Scripting (XSS) - Stored harisec Medium 2018-02-24
POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204) Cryptographic Issues - Generic omespino No rating 2018-02-22
Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent) Cross-site Scripting (XSS) - Stored harisec High 2018-02-17
Improper Host Detection During Team Up on tweetdeck.twitter.com None supplied avinash_ No rating 2018-01-04
Open Redirect Protection Bypass Open Redirect avinash_ No rating 2017-12-23
Listing of Amazon S3 Bucket accessible to any amazon authenticated user (metrics.pscp.tv) Information Disclosure segumarc No rating 2017-11-19
Opportunity to obtain private tweets through search widget preview caches Business Logic Errors csanuragjain No rating 2017-11-11
CSRF in twitterflightschool.com ( CAN POST ON TIMELINE WITHOUT USER PERMISSION) Cross-Site Request Forgery (CSRF) cymtrick No rating 2017-11-06
[CRITICAL] Full account takeover using CSRF Cross-Site Request Forgery (CSRF) yipman High 2017-11-03
Unauthorized Access to Protected Tweets via niche.co API Privacy Violation eidelweiss High 2017-11-03
OS Command Execution on User's PC via CSV Injection OS Command Injection cornerpirate Medium 2017-11-03
[dev.twitter.com] XSS and Open Redirect None supplied bobrov Medium 2017-09-30
Sensitive Information Disclosure https://cards-dev.twitter.com Information Disclosure hassham Medium 2017-09-30
Open Redirect Open Redirect malcolmx No rating 2017-08-19
XXE on sms-be-vip.twitter.com in SXMP Processor XML External Entities (XXE) joshbrodienz Medium 2017-07-27
CSRF on Periscope Web OAuth authorization endpoint Cross-Site Request Forgery (CSRF) filedescriptor No rating 2017-07-27
Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ] Information Disclosure prial261 Critical 2017-07-11
CRLF and XSS stored on ton.twitter.com Cross-site Scripting (XSS) - Generic seifelsallamy No rating 2017-07-06
csp bypass + xss Cross-site Scripting (XSS) - Generic kenan No rating 2017-07-06
[Studio.twitter.com] See someone else pics Improper Authentication - Generic appsecure_in No rating 2017-06-22
Vine - overwrite account associated with email via android application Improper Authentication - Generic mishre Medium 2017-06-15
[██████████.gnip.com] .htpasswd disclosure None supplied rbcafe Critical 2017-05-27
[URGENT] Opportunity to publish tweets on any twitters account None supplied kedrisch High 2017-05-23
[IDOR][translate.twitter.com] Opportunity to change any comment at the forum Privilege Escalation kedrisch Low 2017-05-12
[Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME Cross-site Scripting (XSS) - Reflected ysx Medium 2017-05-08
HTTP 401 response injection on "amp.twimg.com/amplify-web-player/prod/source.html" through "image_src" parameter Information Disclosure zlz Low 2017-05-08
Bypassing Digits bridge origin validation Improper Authentication - Generic filedescriptor No rating 2017-04-30
Multiple DOMXSS on Amplify Web Player Cross-site Scripting (XSS) - Generic filedescriptor No rating 2017-04-15
CSRF on cards API Cross-Site Request Forgery (CSRF) filedescriptor No rating 2017-04-11
DOM based cookie bomb Denial of Service filedescriptor No rating 2017-04-11
SSRF in https://cards-dev.twitter.com/validator Server-Side Request Forgery (SSRF) mindaugas Medium 2017-04-06
DOMXSS in Tweetdeck Cross-site Scripting (XSS) - Generic filedescriptor No rating 2017-04-02
niche s3 buckets are readable/writeable/deleteable by authorized AWS users Improper Authentication - Generic yaworsk No rating 2017-04-02
Attacker can get vine repost user all informations even Ip address and location . Improper Authentication - Generic prial261 No rating 2017-03-25
Remote Unrestricted file Creation/Deletion and Possible RCE. Code Injection zigoo0 Low 2017-02-26
Sub Domain Takeover at mk.prd.vine.co None supplied punkrock No rating 2017-02-13
GNIP subdomain take over None supplied hussein98d High 2017-02-06
Clickjacking Periscope.tv on Chrome UI Redressing (Clickjacking) mishre Medium 2017-02-06
Stealing User emails by clickjacking cards.twitter.com/xxx/xxx UI Redressing (Clickjacking) akhil-reni Medium 2017-02-03
leaking Digits OAuth authorization to third party websites Information Disclosure akhil-reni No rating 2017-01-24
Twitter for android is exposing user's location to any installed android app Information Disclosure mishre Low 2017-01-13
Twitter iOS fails to validate server certificate and sends oauth token Cryptographic Issues - Generic floyd High 2016-12-23
Information Disclosure through .DS_Store in ██████████ Information Disclosure lewerkun No rating 2016-12-12
Cross-site scripting (reflected) Cross-site Scripting (XSS) - Generic linkks Medium 2016-12-09
XSS using javascript:alert(8007) Cross-site Scripting (XSS) - Generic bains Low 2016-11-28
View liked twits of private account via publish.twitter.com Information Disclosure kedrisch Medium 2016-11-14
Full Path Disclosure at 27.prd.vine.co None supplied punkrock Low 2016-10-22
List of a ton of internal twitter servers available on GitHub Information Disclosure a0005 No rating 2016-10-17
reverb.twitter.com redirects to vulnerable reverb.guru None supplied theraz0r No rating 2016-10-01
Html Injection and Possible XSS in sms-be-vip.twitter.com Cross-site Scripting (XSS) - Generic secgeek No rating 2016-08-29
File Upload XSS in image uploading of App in mopub Cross-site Scripting (XSS) - Generic vijay_kumar1110 No rating 2016-08-26
Add tweet to collection CSRF Cross-Site Request Forgery (CSRF) vijay_kumar1110 No rating 2016-08-22
Urgent : Disclosure of all the apps with hash ID in mopub through API request (Authentication bypass) Improper Authentication - Generic vijay_kumar1110 No rating 2016-08-22
Bypassing callback_url validation on Digits Open Redirect filedescriptor No rating 2016-08-12
Bypassing Digits web authentication's host validation with HPP Improper Authentication - Generic filedescriptor No rating 2016-08-12
XSS in the "Poll" Feature on Twitter.com Cross-site Scripting (XSS) - Generic mazen160 No rating 2016-08-12
XSS via Fabrico Account Name Cross-site Scripting (XSS) - Generic adeelimtiaz90 No rating 2016-07-11
[Critical] - Steal OAuth Tokens Improper Authentication - Generic paulos_ No rating 2016-07-11
xss in link items (mopub.com) Cross-site Scripting (XSS) - Generic cymtrick No rating 2016-07-05
Tweetdeck (twitter owned app) not revoked Improper Authentication - Generic maxy No rating 2016-04-29
xss in DM group name in twitter Cross-site Scripting (XSS) - Generic ashish_r_padelkar No rating 2016-04-22
Profile Pic padding (Length-hiding) fails due to use of GZIP Information Disclosure ericlaw No rating 2016-03-18
Sub-Domain Takeover None supplied bugdisclose No rating 2016-03-18
Tweet Deck XSS- Persistent- Group DM name Cross-site Scripting (XSS) - Generic akhil-reni No rating 2016-03-04
Can see private tweets via keyword searches on tweetdeck Privilege Escalation maxy No rating 2016-02-16
IDOR- Activate Mopub on different organizations- steal api token- Fabric.io Improper Authentication - Generic akhil-reni No rating 2016-01-25
Subdomain Expired Improper Authentication - Generic hak No rating 2016-01-15
URGENT : NICHE.co Account Take Over Vulnerability Cross-Site Request Forgery (CSRF) hussein98d No rating 2015-12-21
Following a User Actually Follows Another User Open Redirect ericr No rating 2015-12-02
Following a User After Favoriting Actually Follows Another User (related to #95243) UI Redressing (Clickjacking) ericr No rating 2015-12-02
XSS on OAuth authorize/authenticate endpoint Cross-site Scripting (XSS) - Generic filedescriptor No rating 2015-11-20
Problem with OAuth Improper Authentication - Generic anonymous100928 No rating 2015-11-14
Fabric.io: Ex-admin of an organization can delete team members Privilege Escalation satishb3 No rating 2015-11-01
Insecure direct object reference - have access to deleted DM's Improper Authentication - Generic akhil-reni No rating 2015-10-12
Insecure Direct Object Reference - access to other user/group DM's Privilege Escalation akhil-reni No rating 2015-10-03
POODLE Bug: 199.16.156.44, 199.16.156.108, mx4.twitter.com Cryptographic Issues - Generic isox No rating 2015-09-20
Improper Verification of email address while saving Account Settings Violation of Secure Design Principles anshuman_bh No rating 2015-08-13
Bad extended ascii handling in HTTP 301 redirects of t.co Open Redirect cqoicebordel No rating 2015-08-09
Insecure Data Storage in Vine Android App Cryptographic Issues - Generic avicoder_ No rating 2015-06-24
Reporting user's profile by using another people's ID Open Redirect hussein98d No rating 2015-06-11
Cross site Port Scanning bug in twitter developers console Cryptographic Issues - Generic d1pakda5 No rating 2015-05-23
Privecy Issue : view "Protected users" followers and following Improper Authentication - Generic kaito No rating 2015-05-15
Privacy Issue on protected tweets Improper Authentication - Generic dia2diab No rating 2015-05-14
Unauthorized Tweeting on behalf of Account Owners Violation of Secure Design Principles anshuman_bh No rating 2015-05-07
HTTP Response Splitting (CRLF injection) due to headers overflow None supplied filedescriptor No rating 2015-05-05
Twitter Card - Parent Window Redirection Cross-site Scripting (XSS) - Generic batuhan No rating 2015-05-05
[mobile.twitter.com / twitter.com] CSRF protection bypass Cross-Site Request Forgery (CSRF) bobrov No rating 2015-05-04
iOS App can establish Facetime calls without user's permission Cross-Site Request Forgery (CSRF) gepeto42 No rating 2015-04-27
Twitter Ads Campaign information disclosure through admin without any authentication. Improper Authentication - Generic avicoder_ No rating 2015-04-25
HTTP Response Splitting (CRLF injection) in report_story None supplied filedescriptor No rating 2015-04-21
twitter android app Fragment Injection Command Injection - Generic miantaiduo No rating 2015-04-12
XSS in twitter.com/safety/unsafe_link_warning Cross-site Scripting (XSS) - Generic masatokinugawa No rating 2015-04-04
Open Redirect leak of authenticity_token lead to full account take over. Open Redirect seifelsallamy No rating 2015-04-03
[Stored XSS] vine.co - profile page Cross-site Scripting (XSS) - Generic xorb No rating 2015-03-26
Singup Page HTML Injection Vulnerability Command Injection - Generic ashwarya_me No rating 2015-03-22
open redirect sends authenticity_token to any website or (ip address) Open Redirect seifelsallamy No rating 2015-03-14
getting emails of users/removing them from victims account [using typical attack] Improper Authentication - Generic akhil-reni No rating 2015-03-13
XSS in original referrer after follow Cross-site Scripting (XSS) - Generic akhil-reni No rating 2015-03-09
Fabric.io - an app admin can delete team members from other user apps Privilege Escalation satishb3 No rating 2015-03-09
fabric.io - app member can make himself an admin Privilege Escalation satishb3 No rating 2015-03-09
User's DM won't deleted after logout from Twitter for iOS (com.atebits.xxx.application-state) None supplied config No rating 2015-02-26
Redirect URL in /intent/ functionality is not properly escaped Cross-site Scripting (XSS) - Generic homakov No rating 2015-02-24
URGENT - SUBDOMAIN TAKEOVER ON TWITTER ACQ. Code Injection simon90 No rating 2015-02-21
Path disclosure in platform0.twitter.com Information Disclosure avicoder_ No rating 2015-02-20
Flaw in login with twitter to steal Oauth tokens Improper Authentication - Generic akhil-reni No rating 2015-02-18
HTML/XSS rendered in Android App of Crashlytics through fabric.io Cross-site Scripting (XSS) - Generic akhil-reni No rating 2015-02-18
Account Deleted without any confirmation Improper Authentication - Generic sappi No rating 2015-02-05
No rate limiting on creating lists Violation of Secure Design Principles sappi No rating 2015-01-06
Notifications can mark as read by CSRF Cross-Site Request Forgery (CSRF) batuhan No rating 2015-01-03
Homograph attack. Violation of Secure Design Principles shivathegame No rating 2015-01-01
URGENT - Subdomain Takeover on users.tweetdeck.com , the same issue of report #32825 Code Injection missoum1307 No rating 2015-01-01
Abuse of "Remember Me" functionality. Improper Authentication - Generic gadhiyasavan No rating 2014-12-29
Options Method Enabled None supplied ruisilva No rating 2014-12-26
Option Method Enabled on web server None supplied ruisilva No rating 2014-12-25
XSS in fabric.io Cross-site Scripting (XSS) - Generic atom No rating 2014-12-23
Open redirection in fabric.io Open Redirect avicoder_ No rating 2014-12-18
BROKEN AUTHENTICATION IN MOBILE VERIFICATION Violation of Secure Design Principles geekboy No rating 2014-12-15
DOM Cross-Site Scripting ( XSS ) Cross-site Scripting (XSS) - Generic avram No rating 2014-12-04
Flaw in valid password policy. Improper Authentication - Generic siddiki No rating 2014-12-01
Broken authentication and invalidated email address leads to account takeover Cryptographic Issues - Generic born2hack No rating 2014-11-29
Creating Unauthorized Audience Lists Violation of Secure Design Principles anshuman_bh No rating 2014-11-28
ads.twitter.com xss Cross-site Scripting (XSS) - Generic arbitrarycode No rating 2014-11-17
Full path disclosure at ads.twitter.com Information Disclosure internetwache No rating 2014-11-17
Token remains alive ever after logging out! Improper Authentication - Generic shahriyar No rating 2014-11-17
XSS platform.twitter.com | video-js metadata Cross-site Scripting (XSS) - Generic batram No rating 2014-11-17
XSS platform.twitter.com Cross-site Scripting (XSS) - Generic batram No rating 2014-11-17
Headers Missing Violation of Secure Design Principles hammad No rating 2014-11-15
Missing Rate Limiting on https://twitter.com/account/complete Information Disclosure surgent10cross No rating 2014-11-10
URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS Cross-site Scripting (XSS) - Generic fransrosen No rating 2014-11-04
Cross site scripting on ads.twitter.com Cross-site Scripting (XSS) - Generic appsecure_in No rating 2014-10-16
Twitter Flight SSL 2.0 deprecated protocol vulnerability. Cryptographic Issues - Generic simon90 No rating 2014-10-07
HTML form without CSRF protection at http://try.crashlytics.com/enterprise/ Cross-Site Request Forgery (CSRF) karthik-reddy No rating 2014-10-02
Delete Credit Cards from any Twitter Account in ads.twitter.com [New Vulnerability] Improper Authentication - Generic secgeek No rating 2014-09-30
Stored xss Cross-site Scripting (XSS) - Generic detroitsmash No rating 2014-09-27
Captcha bypass with extension at http://www.mopub.com/about/contact/ Cryptographic Issues - Generic vineet No rating 2014-09-22
CSRF in crashlytics.com Cross-Site Request Forgery (CSRF) defmax No rating 2014-09-08
Password reset link not validated. Denial of Service born2hack No rating 2014-08-31
uclfinal.twitter.com and euro2012.twitter.com are vulnerable to CRIME attack Cryptographic Issues - Generic mohaab007 No rating 2014-08-17
XSS ON MOPUB.COM Cross-site Scripting (XSS) - Generic jpsecurityresearch No rating 2014-08-15
password sent over HTTP Cryptographic Issues - Generic mohaab007 No rating 2014-08-05
Cookie not marked as secure. None supplied simon90 No rating 2014-08-04
XSS vulnerability in video player page Cross-site Scripting (XSS) - Generic guido No rating 2014-08-02