11396 reported vulnerabilities, 2065 fixed vulnerabilities
9483 vulnerable websites, 2028 vulnerable VIP websites
317 security researchers, 775 notification subscribers
Launched on 18/06/14, latest submission on 27/04/15

Top Alexa Rank Websites

baidu.com by BruteLogic

amazon.com by MLT

taobao.com by wangjing

tmall.com by Buglloc

amazon.co.jp by MLT

ask.com by SymbianSyMoh

microsoft.com by E1337

imdb.com by BruteLogic

craigslist.org by xsscrapy

amazon.de by PsychoMantis

xhamster.com by Nasrul07

bbc.co.uk by SecBit

amazon.co.uk by MLT

espn.go.com by BruteLogic

pornhub.com by Buglloc

amazon.cn by PsychoMantis

ebay.de by Tactic4l

si.com by v0raz

adobe.com by bankir

dailymail.co.uk by xsscrapy

huffingtonpost.com by yarbabin

indiatimes.com by wangjing

booking.com by xsscrapy

nytimes.com by nopernik

wikia.com by BruteLogic

outbrain.com by BruteLogic

chase.com by v0raz

youporn.com by Nasrul07

about.com by BruteLogic

livejasmin.com by Nasrul07

Top XSS Researchers

BruteLogic
Reported 1248 vulnerable websites

V1RUS4
Reported 914 vulnerable websites

PsychoMantis
Reported 891 vulnerable websites

watt
Reported 591 vulnerable websites

en4rab
Reported 580 vulnerable websites

MLT
Reported 281 vulnerable websites

Dshellnoi_Unix
Reported 264 vulnerable websites

SecBit
Reported 256 vulnerable websites

Nasrul07
Reported 222 vulnerable websites

v0raz
Reported 212 vulnerable websites

nopernik
Reported 174 vulnerable websites

xssme
Reported 159 vulnerable websites

e3xpl0it
Reported 150 vulnerable websites

zulu_666
Reported 133 vulnerable websites

E1337
Reported 129 vulnerable websites

X-P10it hun73r
Reported 129 vulnerable websites

yarbabin
Reported 110 vulnerable websites

Toggaf
Reported 102 vulnerable websites

unwritten0worm
Reported 97 vulnerable websites

mr.Nick
Reported 96 vulnerable websites

Latest Submissions

cliffsnotes.com
XSS by PsychoMantis 27/04/2015

wordhippo.com
XSS by PsychoMantis 27/04/2015

911tabs.com
XSS by PsychoMantis 27/04/2015

ilga.gov
XSS by ZxX 27/04/2015

loksabha2014.bharatiyamobile.com
XSS by Rahuldk 27/04/2015

writtensound.com
XSS by Rahuldk 27/04/2015

lawhandbook.sa.gov.au
XSS by Rahuldk 27/04/2015

banklocations.in
XSS by Rahuldk 27/04/2015

staffhub.com
XSS by Rahuldk 27/04/2015

atmgurus.com
XSS by Rahuldk 27/04/2015

students-prod.anu.edu.au
XSS by Rahuldk 27/04/2015

hope.edu
XSS by Rahuldk 27/04/2015

accesswhois.com
XSS by ManicSec 27/04/2015

jos.nu
XSS by ManicSec 27/04/2015

ustanorcal.com
XSS by ManicSec 27/04/2015

findamasters.com
XSS by ManicSec 27/04/2015

issg.org
XSS by ManicSec 27/04/2015

issg.org
XSS by ManicSec 27/04/2015

aswwu.com
XSS by Rahuldk 27/04/2015

ilga.gov
XSS by ManicSec 27/04/2015

Top Google PR Websites

theeuropeanlibrary.org by BruteLogic

addthis.com by yarbabin

baidu.com.cn by BruteLogic

baidu.cn by BruteLogic

baidu.com by BruteLogic

bbc.co.uk by PsychoMantis

un.org by PsychoMantis

europa.eu by PsychoMantis

web.mit.edu by PsychoMantis

goturkey.com by initbar

ec.europa.eu by PsychoMantis

governoeletronico.gov.br by PsychoMantis

stanford.edu by PsychoMantis

legifrance.gouv.fr by PsychoMantis

cnrs.fr by Anonymous

loc.gov by PyschoMantis

mailchimp.com by nopernik

nytimes.com by nopernik

nature.com by billyzane

adobe.com by bankir

worldcat.org by yarbabin

sciencedirect.com by yarbabin

gallica.bnf.fr by yarbabin

bnf.fr by yarbabin

bl.uk by yarbabin

csail.mit.edu by yarbabin

w3.org by yarbabin

noaa.gov by yarbabin

inria.fr by yarbabin

Top VIP XSS Researchers

BruteLogic
Reported 337 vulnerable VIP websites

PsychoMantis
Reported 237 vulnerable VIP websites

watt
Reported 130 vulnerable VIP websites

en4rab
Reported 108 vulnerable VIP websites

Nasrul07
Reported 103 vulnerable VIP websites

v0raz
Reported 94 vulnerable VIP websites

yarbabin
Reported 92 vulnerable VIP websites

SecBit
Reported 92 vulnerable VIP websites

nopernik
Reported 65 vulnerable VIP websites

E1337
Reported 61 vulnerable VIP websites

e3xpl0it
Reported 48 vulnerable VIP websites

NewLife705
Reported 46 vulnerable VIP websites

MLT
Reported 45 vulnerable VIP websites

initbar
Reported 38 vulnerable VIP websites

Toggaf
Reported 38 vulnerable VIP websites

xssme
Reported 37 vulnerable VIP websites

Dshellnoi_Unix
Reported 33 vulnerable VIP websites

V1RUS4
Reported 22 vulnerable VIP websites

xsscrapy
Reported 18 vulnerable VIP websites

Tactic4l
Reported 17 vulnerable VIP websites

Unpatched VIP Websites

search.vivastreet.co.in
124 unpatched vulnerabilities

expatads.com
96 unpatched vulnerabilities

gob.mx
42 unpatched vulnerabilities

freakshare.com
25 unpatched vulnerabilities

ibusiness.de
20 unpatched vulnerabilities

opensecrets.org
20 unpatched vulnerabilities

edu.cn
15 unpatched vulnerabilities

novell.com
16 unpatched vulnerabilities

okezone.com
12 unpatched vulnerabilities

shop.com
12 unpatched vulnerabilities

stanford.edu
12 unpatched vulnerabilities

espn.go.com
16 unpatched vulnerabilities

reference.com
16 unpatched vulnerabilities

mlb.com
12 unpatched vulnerabilities

ask.com
12 unpatched vulnerabilities

europa.eu
13 unpatched vulnerabilities

buxp.org
9 unpatched vulnerabilities

ge.ch
10 unpatched vulnerabilities

puzzlemaker.discoveryeducation.com
8 unpatched vulnerabilities

cnews.ru
9 unpatched vulnerabilities

Making Web Safer

The main reason security researchers post XSS vulnerabilities to our archive is the negligence and arrogance of website administrators, who don't even bother to reply when researchers send them information about XSS directly. Even companies with "bug bounty" programs are present in our archive.

Nevertheless, the aim of the project is to make the Web safer. For every XSS vulnerability that we manually approve after submission, the website administrator therefore receives an email notification about the vulnerability. The notification is automatic and is sent to generic security email addresses and/or to the email addresses from WHOIS. To prevent spam, the email is sent only for the first vulnerability affecting the domain. We also try to notify via Twitter.

If you want to receive customized email alerts for your domain(s) before their approval, you can subscribe here.


On 27/04/2015 the administration of optimization.mit.edu fixed an XSS vulnerability reported by security researcher PsychoMantis. The website optimization.mit.edu was vulnerable for 25 days after notification; the vulnerability is now patched.

On 27/04/2015 the administration of jooble.ua fixed an XSS vulnerability reported by security researcher e3xpl0it. The website jooble.ua was vulnerable for 37 days after notification; the vulnerability is now patched.

On 27/04/2015 the administration of wtae.com fixed an XSS vulnerability reported by security researcher BruteLogic. The website wtae.com was vulnerable for 33 days after notification; the vulnerability is now patched.

On 27/04/2015 the administration of bucknell.edu fixed an XSS vulnerability reported by security researcher PsychoMantis. The website bucknell.edu was vulnerable for 34 days after notification; the vulnerability is now patched.

On 27/04/2015 the administration of capital-style.com fixed an XSS vulnerability reported by security researcher BruteLogic. The website capital-style.com was vulnerable for 33 days after notification; the vulnerability is now patched.

On 27/04/2015 the administration of lyricsdepot.com fixed an XSS vulnerability reported by security researcher PsychoMantis. The website lyricsdepot.com was vulnerable for 29 days after notification; the vulnerability is now patched.

On 26/04/2015 the administration of training.dominos.com.au fixed an XSS vulnerability reported by security researcher rmsg0d. The website training.dominos.com.au was vulnerable for 3 days after notification; the vulnerability is now patched.

On 26/04/2015 the administration of nykaa.com fixed an XSS vulnerability reported by security researcher securevu. The website nykaa.com was vulnerable for 18 days after notification; the vulnerability is now patched.

On 26/04/2015 the administration of meinladen24.de fixed an XSS vulnerability reported by security researcher watt. The website meinladen24.de was vulnerable for 1 day after notification; the vulnerability is now patched.

On 26/04/2015 the administration of elperiodic.ad fixed an XSS vulnerability reported by security researcher r3vengine. The website elperiodic.ad was vulnerable for 35 days after notification; the vulnerability is now patched.