Public Pornhub bug reports.

Team Bounty Title
Pornhub - Private videos can be added to our playlists
Pornhub $500 Stored XSS in the any user profile using website link
Pornhub $750 nickname field is vulnerable on xss
Pornhub $250 Partial disclosure of Private Videos through data-mediabook attribute information leak
Pornhub - XSS on
Pornhub $350 Mixed Reflected-Stored XSS on (without user interaction) in the playlist playing section
Pornhub $250 Reflected XSS in login redirection module
Pornhub - Reflected XSS on - /export/GetPreview
Pornhub $500 Blind Stored XSS against Pornhub employees using Amateur Model Program
Pornhub $50 stored XSS in widget stylesheet
Pornhub $1,500 Wordpress Content injection
Pornhub - Debug.log file Exposed to Public \Full Path Disclosure\
Pornhub $250 XSS Vulnerability at URL endpoint
Pornhub $250 [xss], /redeem?code= URL endpoint
Pornhub $1,000 XSS vulnerability using GIF tags
Pornhub $5,000 Unsecured DB instance
Pornhub $750 Unsecured Kibana/Elasticsearch instance
Pornhub $150 Stored XSS on the
Pornhub $1,500 IDOR - disclosure of private videos - /api_android_v3/getUserVideos
Pornhub $520 Race Condition Vulnerability On
Pornhub $200 Reflected cross-site scripting (XSS) vulnerability in allows attackers to inject arbitrary web script or HTML.
Pornhub $750 Unsecured Grafana instance
Pornhub $750 Disclosure of private photos/albums -
Pornhub $1,500 [idor] Unauthorized Read access to all the private posts (Including Photos, Videos, Gifs)
Pornhub $500 RCE Possible Via Video Manager Export using @ character in Video Title
Pornhub $10,000 [RCE] Unserialize to XXE - file disclosure on
Pornhub $1,500 (Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overwrite Existing APK / Android BackOffice Access
Pornhub $20,000 [phpobject in cookie] Remote shell/command execution
Pornhub $1,000 Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint
Pornhub - Reflected XSS by way of jQuery function
Pornhub $750 [idor] Profile Admin can pin any other user's post on his stream wall
Pornhub $1,000 SSRF & XSS (W3 Total Cache)
Pornhub $1,000 [IDOR] Deleting other users comment
Pornhub $150 Same-Origin Method Execution bug in plupload.flash.swf on /insights
Pornhub $5,000 Weak user authentication on mobile application - I just broken userKey secret password
Pornhub $1,500 [stored xss,] stream post function
Pornhub $250 XSS Reflected incategories*p
Pornhub $250 XSS ReflectedGET /*embed_player*?
Pornhub $1,500 [IDOR] post to anyone even if their stream is restricted to friends only
Pornhub $100 CSV Macro injection in Video Manager (CEMI)
Pornhub - vulnerabilitie
Pornhub $250 Public Facing Barracuda Login
Pornhub $2,500 Unprotected Memcache Installation running
Pornhub $50 HTTP Track/Trace Method Enabled
Pornhub $1,500 [ssrf] libav vulnerable during conversion of uploaded videos
Pornhub $50 [crossdomain.xml] Dangerous Flash Cross-Domain Policy
Pornhub $250 PornIQ Reflected Cross-Site Scripting
Pornhub $250 Reflected Cross-Site Scripting on French subdomain
Pornhub $250 Cross Site Scripting - On Mouse Over, Blog page
Pornhub $250 [xss,] /user/[username], multiple parameters
Pornhub $100 [reflected xss,] /blog, any
Pornhub $50 Cross Site Scripting – Album Page
Pornhub $5,000 Unauthenticated access to Content Management System -
Pornhub $2,500 Multiple endpoints are vulnerable to XML External Entity injection (XXE)
Pornhub $10,000 Publicly exposed SVN repository,