XVIDEOS Program Statistics

View program

13 total issues disclosed

$700 total paid publicly

Most disclosed (3 disclosures) — Violation of Secure Design Principles

Disclosed Reports

Report Title Vulnerability Type Disclosed By Severity Disclosed on
Enable 2FA without verifying the email Improper Access Control - Generic samtime Low 2025-05-09
Unauthenticated API Access Exposing Premium Content and Financial Data Information Exposure Through Sent Data mcblockchamp None 2025-02-09
API Data Leakage Vulnerability Report - `xvcams.com` Information Exposure Through Sent Data mcblockchamp None 2025-02-09
Error Page Content Spoofing or Text Injection Violation of Secure Design Principles mcblockchamp No rating 2025-02-07
Error Page Content Spoofing or Text Injection Violation of Secure Design Principles mcblockchamp Low 2025-02-06
Open redirect Open Redirect p_anand1234 None 2025-02-06
Stored XSS via SMTP Error Message Cross-site Scripting (XSS) - Stored chse_ Low 2025-01-24
Lack of Rate Limiting on Account Creation Endpoint None supplied nagu123 Low 2025-01-16
Host Header Injection Attack - www.xnxx.com Violation of Secure Design Principles 2_princeofpersia None 2022-11-08
Self-XSS on Suggest Tag dialog box Cross-site Scripting (XSS) - Stored j3rry4unt Low 2022-11-08
CSRF on delete friend requests - Not protected with CSRF Token Cross-Site Request Forgery (CSRF) sbakhour None 2021-11-26
No-Rate limit of current password on delete account endpoint(https://www.xvideos.com/account/close) None supplied rajput__16 Low 2021-11-23
Script breaking tag (Forces website to render blank) (Informative) Unchecked Error Condition ch1ck3n42 Low 2021-10-23