
Cross-Site Scripting (XSS) Vulnerabilities

A list of XSS vulnerabilities that I reported.

Note: The Alexa Global Rankings in the list below are not up to date.

mediafire.com

mediafire xss vulnerability

Alexa Global Rank (at the time): 150

Date: 2013

avast.com

avast xss vulnerability
avast email

I filed a security report on 16 September 2013 and received Avast's first reply on 17 September 2013.

imgur.com

imgur xss vulnerability

A persistent cross-site scripting vulnerability was located in the private message feature of the site. An attacker can craft a malicious private message and send it to anyone by injecting </textarea><script>payload here</script> into the message body. When a victim views the message, the payload is executed.

Alexa Ranking (at the time): 90

Reported on October 12 2012 and fixed on October 13 2012.

Extra: I had a little bit of a talk with Alan Schaaf (CEO of imgur); he's a really friendly guy!

ndtv.com

ndtv xss vulnerability

Reflected XSS

Alexa Ranking: 442

Fixed on: 17/11/2012

wikiHow.com

wikiHow xss vulnerability

Stored XSS: During registration, an attacker could insert a malicious payload into the "real name" field.

This vulnerability was reported on 10 November 2012 and fixed on 24 November 2012. The bug fixing process went very smoothly, thanks to the great engineering team!

mgid.com

mgid xss vulnerability

Reflected XSS

Alexa Ranking: 226

avg.com.au

avg XSS Vulnerability

Stored XSS

eHow.com

eHow XSS Vulnerability

Reflected XSS

Alexa Global Rank: 265

Ask.com

Ask XSS Vulnerability

A Reflected XSS on a subdomain of ask.com

Alexa Ranking: 47

Histats.com

Histats XSS Vulnerability

Stored XSS

Toysrus.com

Toysrus XSS Vulnerability

Reflected XSS

Alexa Ranking (at the time): 444

Weather.com

Weather XSS Vulnerability

Reflected XSS

Alexa Ranking (at the time): 119

Panasonic.com.au

Panasonic XSS Vulnerability

Stored XSS

Goal.com

Goal XSS Vulnerability

A reflected XSS in the search bar.

Alexa Ranking (at the time): 320

Fixed on: 11/2012

dictionary.com

dictionary XSS Vulnerability

Reflected XSS

Alexa Ranking (at the time): 179

Fixed on: 11/2012

mywebsearch.com

mywebsearch XSS Vulnerability

Reflected XSS

Alexa Ranking (at the time): 77

Fixed on: 17/11/2012

ShoutJax.com

ShoutJax XSS Vulnerability

A stored cross-site scripting vulnerability was located in the shoutbox.

Fixed on: 5/10/2012