Public Pornhub bug reports.

Team Bounty Title
Pornhub - Private videos can be added to our playlists
Pornhub $500 Stored XSS in the any user profile using website link
Pornhub $750 pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss
Pornhub $250 Partial disclosure of Private Videos through data-mediabook attribute information leak
Pornhub - XSS on pornhubselect.com
Pornhub $350 Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section
Pornhub $250 Reflected XSS in login redirection module
Pornhub - Reflected XSS on ht.pornhub.com - /export/GetPreview
Pornhub $500 Blind Stored XSS against Pornhub employees using Amateur Model Program
Pornhub $50 http://ht.pornhub.com/ stored XSS in widget stylesheet
Pornhub $1,500 Wordpress Content injection
Pornhub - Debug.log file Exposed to Public \Full Path Disclosure\
Pornhub $250 XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? URL endpoint
Pornhub $250 [xss] pornhubpremium.com, /redeem?code= URL endpoint
Pornhub $1,000 XSS vulnerability using GIF tags
Pornhub $5,000 Unsecured DB instance
Pornhub $750 Unsecured Kibana/Elasticsearch instance
Pornhub $150 Stored XSS on the http://ht.pornhub.com/widgets/
Pornhub $1,500 IDOR - disclosure of private videos - /api_android_v3/getUserVideos
Pornhub $520 Race Condition Vulnerability On Pornhubpremium.com
Pornhub $200 Reflected cross-site scripting (XSS) vulnerability in pornhub.com allows attackers to inject arbitrary web script or HTML.
Pornhub $750 Unsecured Grafana instance
Pornhub $750 Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box
Pornhub $1,500 [idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs)
Pornhub $500 RCE Possible Via Video Manager Export using @ character in Video Title
Pornhub $10,000 [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com
Pornhub $1,500 (Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access
Pornhub $20,000 [phpobject in cookie] Remote shell/command execution
Pornhub $1,000 Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint
Pornhub - Reflected XSS by way of jQuery function
Pornhub $750 [idor] Profile Admin can pin any other user's post on his stream wall
Pornhub $1,000 SSRF & XSS (W3 Total Cache)
Pornhub $1,000 [IDOR] Deleting other users comment
Pornhub $150 Same-Origin Method Execution bug in plupload.flash.swf on /insights
Pornhub $5,000 Weak user aunthentication on mobile application - I just broken userKey secret password
Pornhub $1,500 [stored xss, pornhub.com] stream post function
Pornhub $250 XSS Reflected incategories*p
Pornhub $250 XSS ReflectedGET /*embed_player*?
Pornhub $1,500 [IDOR] post to anyone even if their stream is restricted to friends only
Pornhub $100 CSV Macro injection in Video Manager (CEMI)
Pornhub - vulnerabilitie
Pornhub $250 Public Facing Barracuda Login
Pornhub $2,500 Unprotected Memcache Installation running
Pornhub $50 HTTP Track/Trace Method Enabled
Pornhub $1,500 [ssrf] libav vulnerable during conversion of uploaded videos
Pornhub $50 [crossdomain.xml] Dangerous Flash Cross-Domain Policy
Pornhub $250 PornIQ Reflected Cross-Site Scripting
Pornhub $250 Reflected Cross-Site Scripting on French subdomain
Pornhub $250 Cross Site Scripting - On Mouse Over, Blog page
Pornhub $250 [xss, pornhub.com] /user/[username], multiple parameters
Pornhub $100 [reflected xss, pornhub.com] /blog, any
Pornhub $50 Cross Site Scripting – Album Page
Pornhub $5,000 Unauthenticated access to Content Management System - www1.pornhubpremium.com
Pornhub $2,500 Multiple endpoints are vulnerable to XML External Entity injection (XXE)
Pornhub $10,000 Publicly exposed SVN repository, ht.pornhub.com