Imgur - HackerOne Reports
Total Reports: 25
Critical: 2
High: 2
Medium: 12
Low: 3
BUG XSS IN "ADD IMAGES"
Reported by: rioncool22 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
CSRF leads to a stored self xss
Reported by: hogarth45 | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bypass subscription
Reported by: 1a2er3d | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
SSRF in imgur video GIF conversion
Reported by: mariuszpoplawski | Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
HTML Injection with XSS possible
Reported by: malek | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Reflected XSS in m.imgur.com
Reported by: logue | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Sourcemaps and Unminified Source Code Exposed on Pages
Reported by: gennaro | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
xss reflected on imgur.com
Reported by: ferdihermawan1337 | Disclosed:
Weakness: Cross-site Scripting (XSS) - Reflected
Xss on community.imgur.com
Reported by: madrobot | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Stored XSS in Post title (PoC)
Reported by: zerox4 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Password Reset Link not expiring after changing the email Leads To Account Takeover
Reported by: alishah | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
8ybhy85kld9zp9xf84x6.imgur.com Subdomain Takeover
Reported by: mr_baka | Disclosed:
Severity: High
Stored XSS on imgur profile
Reported by: giddsec | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Login to any user account using other facebook app access token
Reported by: vinothkumar | Disclosed:
Weakness: Improper Authentication - Generic
De-anonymization Attack: Cross Site Information Leakage
Reported by: soheilkhodayari | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Stored xss in ALBUM DESCRIPTION
Reported by: armaanpathan | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
RCE by command line argument injection to `gm convert` in `/edit/process?a=crop`
Reported by: neex | Disclosed:
Severity: Critical
Weakness: Command Injection - Generic
CVEs: CVE-2016-10033
Remote Code Execution on Git.imgur-dev.com
Reported by: orange | Disclosed:
Severity: Critical
Weakness: Code Injection
Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/
Reported by: sbakhour | Disclosed:
Severity: Medium
Weakness: Path Traversal
Information disclosure (No rate limiting in forgot password & other login)
Reported by: protector47 | Disclosed:
Weakness: Information Disclosure
Page 1 of 2