XVIDEOS - HackerOne Reports
View on HackerOne13
Total Reports
0
Critical
0
High
0
Medium
7
Low
Enable 2FA without verifying the email
Reported by:
samtime
|
Disclosed:
Low
Weakness: Improper Access Control - Generic
Error Page Content Spoofing or Text Injection
Reported by:
mcblockchamp
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Lack of Rate Limiting on Account Creation Endpoint
Reported by:
nagu123
|
Disclosed:
Low
Bounty: $200.00
Self-XSS on Suggest Tag dialog box
Reported by:
j3rry4unt
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $50.00
API Data Leakage Vulnerability Report - `xvcams.com`
Reported by:
mcblockchamp
|
Disclosed:
Weakness: Information Exposure Through Sent Data
Unauthenticated API Access Exposing Premium Content and Financial Data
Reported by:
mcblockchamp
|
Disclosed:
Weakness: Information Exposure Through Sent Data
Error Page Content Spoofing or Text Injection
Reported by:
mcblockchamp
|
Disclosed:
Weakness: Violation of Secure Design Principles
Open redirect
Reported by:
p_anand1234
|
Disclosed:
Weakness: Open Redirect
CSRF on delete friend requests - Not protected with CSRF Token
Reported by:
sbakhour
|
Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Script breaking tag (Forces website to render blank) (Informative)
Reported by:
ch1ck3n42
|
Disclosed:
Low
Weakness: Unchecked Error Condition
Bounty: $150.00
Host Header Injection Attack - www.xnxx.com
Reported by:
2_princeofpersia
|
Disclosed:
Weakness: Violation of Secure Design Principles
Stored XSS via SMTP Error Message
Reported by:
chse_
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $250.00
No-Rate limit of current password on delete account endpoint(https://www.xvideos.com/account/close)
Reported by:
rajput__16
|
Disclosed:
Low
Bounty: $100.00