9298 reported vulnerabilities, 1742 fixed vulnerabilities
7757 vulnerable websites, 1598 vulnerable VIP websites
269 security researchers, 635 notification subscribers
Launched on 18/06/14, latest submission on 30/03/15

Top Alexa Rank Websites

amazon.com by BruteLogic

taobao.com by wangjing

tmall.com by Buglloc

ask.com by SymbianSyMoh

microsoft.com by E1337

imdb.com by BruteLogic

craigslist.org by xsscrapy

xhamster.com by Nasrul07

bbc.co.uk by SecBit

espn.go.com by BruteLogic

pornhub.com by Buglloc

adobe.com by bankir

dailymail.co.uk by xsscrapy

huffingtonpost.com by yarbabin

indiatimes.com by wangjing

booking.com by xsscrapy

nytimes.com by nopernik

wikia.com by BruteLogic

outbrain.com by BruteLogic

youporn.com by Nasrul07

about.com by BruteLogic

livejasmin.com by Nasrul07

w3schools.com by xsscrapy

weather.com by SecBit

theguardian.com by xsscrapy

mailchimp.com by NewLife705

forbes.com by SecBit

mama.cn by xsscrapy

reference.com by nopernik

wikihow.com by BruteLogic

Top XSS Researchers

BruteLogic
Reported 1112 vulnerable websites

V1RUS4
Reported 914 vulnerable websites

en4rab
Reported 580 vulnerable websites

watt
Reported 474 vulnerable websites

PsychoMantis
Reported 317 vulnerable websites

Dshellnoi_Unix
Reported 264 vulnerable websites

SecBit
Reported 254 vulnerable websites

Nasrul07
Reported 222 vulnerable websites

nopernik
Reported 171 vulnerable websites

xssme
Reported 159 vulnerable websites

zulu_666
Reported 133 vulnerable websites

E1337
Reported 129 vulnerable websites

X-P10it hun73r
Reported 129 vulnerable websites

yarbabin
Reported 104 vulnerable websites

Toggaf
Reported 102 vulnerable websites

unwritten0worm
Reported 97 vulnerable websites

mr.Nick
Reported 96 vulnerable websites

GlobalSecurityHackers
Reported 89 vulnerable websites

CUS
Reported 81 vulnerable websites

Tactic4l
Reported 76 vulnerable websites

Latest Submissions

extremetech.com
XSS by BruteLogic 30/03/2015

vid.nl
XSS by PsychoMantis 30/03/2015

mobiles4everyone.com
XSS by PsychoMantis 30/03/2015

cgi.weather.com
XSS by PsychoMantis 30/03/2015

trc-canada.com
XSS by PsychoMantis 30/03/2015

premierleague.com
XSS by PsychoMantis 30/03/2015

edible.co.nz
XSS by PsychoMantis 30/03/2015

freenjsearch.com
XSS by PsychoMantis 30/03/2015

secure2.palmcoastd.com
XSS by PsychoMantis 30/03/2015

aboutadidam.org
XSS by PsychoMantis 30/03/2015

repertoire.bmi.com
XSS by PsychoMantis 30/03/2015

flirt4free.com
XSS by PsychoMantis 30/03/2015

google.nyu.edu
XSS by PsychoMantis 30/03/2015

whois.dyndns.com
XSS by PsychoMantis 30/03/2015

eatability.com.au
XSS by PsychoMantis 30/03/2015

ryerson.ca
XSS by PsychoMantis 30/03/2015

cbc.ca
XSS by PsychoMantis 30/03/2015

tizag.com
XSS by PsychoMantis 30/03/2015

www2.secureie.com
XSS by PsychoMantis 30/03/2015

registration.excite.com
XSS by PsychoMantis 30/03/2015

Top Google PR Websites

theeuropeanlibrary.org by BruteLogic

addthis.com by yarbabin

cnrs.fr by Anonymous

loc.gov by PyschoMantis

nytimes.com by nopernik

nature.com by billyzane

adobe.com by bankir

worldcat.org by yarbabin

sciencedirect.com by yarbabin

gallica.bnf.fr by yarbabin

bnf.fr by yarbabin

bl.uk by yarbabin

csail.mit.edu by yarbabin

w3.org by yarbabin

un.org by yarbabin

stanford.edu by yarbabin

noaa.gov by yarbabin

inria.fr by yarbabin

europeana.eu by yarbabin

emeraldinsight.com by en4rab

ed.ac.uk by en4rab

store.apple.com by SecBit

europa.eu by en4rab

ethz.ch by V1RUS4

mailchimp.com by NewLife705

creativecommons.org by SymbianSyMoh

ec.europa.eu by monkeyMan

Top VIP XSS Researchers

BruteLogic
Reported 313 vulnerable VIP websites

watt
Reported 125 vulnerable VIP websites

en4rab
Reported 108 vulnerable VIP websites

Nasrul07
Reported 103 vulnerable VIP websites

SecBit
Reported 92 vulnerable VIP websites

yarbabin
Reported 89 vulnerable VIP websites

nopernik
Reported 62 vulnerable VIP websites

E1337
Reported 61 vulnerable VIP websites

NewLife705
Reported 46 vulnerable VIP websites

PsychoMantis
Reported 42 vulnerable VIP websites

Toggaf
Reported 38 vulnerable VIP websites

xssme
Reported 37 vulnerable VIP websites

Dshellnoi_Unix
Reported 33 vulnerable VIP websites

e3xpl0it
Reported 25 vulnerable VIP websites

V1RUS4
Reported 22 vulnerable VIP websites

xsscrapy
Reported 18 vulnerable VIP websites

Tactic4l
Reported 16 vulnerable VIP websites

X-P10it hun73r
Reported 15 vulnerable VIP websites

ral249
Reported 13 vulnerable VIP websites

sinkmanu
Reported 12 vulnerable VIP websites

Unpatched VIP Websites

search.vivastreet.co.in
124 unpatched vulnerabilities

expatads.com
96 unpatched vulnerabilities

freakshare.com
25 unpatched vulnerabilities

opensecrets.org
19 unpatched vulnerabilities

edu.cn
13 unpatched vulnerabilities

novell.com
16 unpatched vulnerabilities

reference.com
14 unpatched vulnerabilities

okezone.com
12 unpatched vulnerabilities

shop.com
12 unpatched vulnerabilities

mlb.com
12 unpatched vulnerabilities

espn.go.com
14 unpatched vulnerabilities

buxp.org
9 unpatched vulnerabilities

ge.ch
10 unpatched vulnerabilities

cnews.ru
9 unpatched vulnerabilities

turbobit.net
8 unpatched vulnerabilities

creativecommons.org
13 unpatched vulnerabilities

weather.com
15 unpatched vulnerabilities

getiton.com
9 unpatched vulnerabilities

ask.com
9 unpatched vulnerabilities

inderscience.com
7 unpatched vulnerabilities

Making Web Safer

The main reason security researchers post XSS vulnerabilities to our archive is the negligence and arrogance of website administrators who don't even bother to reply when researchers send them information about XSS directly. Even companies with "bug bounty" programs are present in our archive.

Nevertheless, the aim of the project is to make the Web safer. Therefore, for every XSS vulnerability that we manually approve after submission, the website administrator receives an email notification about the vulnerability. The notification is automatic and is sent to generic security email addresses and/or to the email addresses from WHOIS. To prevent spam, the email is sent only for the first vulnerability affecting the domain. We also try to notify via Twitter.

If you want to receive customized email alerts for your domain(s) before their approval, you can subscribe here.


On 30/03/2015 the administration of vetorial.net fixed an XSS vulnerability reported by security researcher BruteLogic. The website vetorial.net was vulnerable for 28 days after notification; the vulnerability is now patched.

On 30/03/2015 the administration of manolakoshomes.com fixed an XSS vulnerability reported by security researcher BruteLogic. The website manolakoshomes.com was vulnerable for 27 days after notification; the vulnerability is now patched.

On 30/03/2015 the administration of privatehomeclips.com fixed an XSS vulnerability reported by security researcher yarbabin. The website privatehomeclips.com was vulnerable for 27 days after notification; the vulnerability is now patched.

On 29/03/2015 the administration of dispatch.com fixed an XSS vulnerability reported by security researcher BruteLogic. The website dispatch.com was vulnerable for 5 days after notification; the vulnerability is now patched.

On 29/03/2015 the administration of bellshillspeaker.co.uk fixed an XSS vulnerability reported by security researcher BruteLogic. The website bellshillspeaker.co.uk was vulnerable for 2 days after notification; the vulnerability is now patched.

On 29/03/2015 the administration of berwick-advertiser.co.uk fixed an XSS vulnerability reported by security researcher BruteLogic. The website berwick-advertiser.co.uk was vulnerable for 2 days after notification; the vulnerability is now patched.

On 29/03/2015 the administration of hawick-news.co.uk fixed an XSS vulnerability reported by security researcher BruteLogic. The website hawick-news.co.uk was vulnerable for 2 days after notification; the vulnerability is now patched.

On 29/03/2015 the administration of nycdentist.com fixed an XSS vulnerability reported by security researcher PsychoMantis. The website nycdentist.com was vulnerable for 2 days after notification; the vulnerability is now patched.

On 29/03/2015 the administration of bostonstandard.co.uk fixed an XSS vulnerability reported by security researcher BruteLogic. The website bostonstandard.co.uk was vulnerable for 4 days after notification; the vulnerability is now patched.

On 29/03/2015 the administration of londonderrysentinel.co.uk fixed an XSS vulnerability reported by security researcher BruteLogic. The website londonderrysentinel.co.uk was vulnerable for 4 days after notification; the vulnerability is now patched.