Report Email Alerts 7615 reported vulnerabilities, 1092 fixed vulnerabilities
6216 vulnerable websites, 1267 vulnerable VIP websites
248 security researchers, 345 notification subscribers
Launched on 18/06/14, latest submission on 28/02/15

Top Alexa Rank Websites

taobao.com by wangjing

tmall.com by Buglloc

ask.com by SymbianSyMoh

microsoft.com by E1337

imdb.com by xsscrapy

craigslist.org by xsscrapy

xhamster.com by Nasrul07

bbc.co.uk by SecBit

espn.go.com by BruteLogic

pornhub.com by Buglloc

dailymail.co.uk by xsscrapy

indiatimes.com by wangjing

booking.com by xsscrapy

wikia.com by BruteLogic

nytimes.com by xsscrapy

youporn.com by Nasrul07

about.com by BruteLogic

livejasmin.com by Nasrul07

w3schools.com by xsscrapy

weather.com by SecBit

theguardian.com by xsscrapy

outbrain.com by watt

mailchimp.com by NewLife705

forbes.com by SecBit

mama.cn by xsscrapy

wikihow.com by BruteLogic

answers.com by Tactic4l

TOP XSS Researchers

V1RUS4
Reported 955 vulnerable websites

en4rab
Reported 576 vulnerable websites

watt
Reported 445 vulnerable websites

SecBit
Reported 252 vulnerable websites

BruteLogic
Reported 270 vulnerable websites

Nasrul07
Reported 222 vulnerable websites

Dshellnoi_Unix
Reported 264 vulnerable websites

E1337
Reported 129 vulnerable websites

X-P10it hun73r
Reported 129 vulnerable websites

mr.Nick
Reported 96 vulnerable websites

HarshMJoshi
Reported 34 vulnerable websites

xssme
Reported 132 vulnerable websites

zulu_666
Reported 133 vulnerable websites

unwritten0worm
Reported 97 vulnerable websites

Toggaf
Reported 100 vulnerable websites

NewLife705
Reported 59 vulnerable websites

CUS
Reported 81 vulnerable websites

ral249
Reported 71 vulnerable websites

Tactic4l
Reported 76 vulnerable websites

GlobalSecurityHackers
Reported 68 vulnerable websites

Latest Submissions

freelance.ru
XSS by SecBit 28/02/2015

freelance.ru
XSS by SecBit 28/02/2015

lakmebridalstylist.in
XSS by securevu 28/02/2015

craftsvilla.com
XSS by securevu 28/02/2015

filmaffinity.com
XSS by en4rab 28/02/2015

contactmusic.com
XSS by en4rab 28/02/2015

tvguide.com
XSS by en4rab 28/02/2015

nitrd.gov
XSS by MLT 28/02/2015

theeuropeanlibrary.org
XSS by yarbabin 27/02/2015

ask.com
XSS by yarbabin 27/02/2015

ask.com
XSS by yarbabin 27/02/2015

utro.ru
XSS by E1337 27/02/2015

search.nl
XSS by BruteLogic 27/02/2015

shopap.lenovo.com
XSS by SecBit 27/02/2015

musical-hall.com
XSS by GlobalSecurityHackers 27/02/2015

plantsofcanada.info.gc.ca
XSS by GlobalSecurityHackers 27/02/2015

jerusalemeverything.com
XSS by GlobalSecurityHackers 27/02/2015

mustad.no
XSS by GlobalSecurityHackers 27/02/2015

hry.czin.eu
XSS by GlobalSecurityHackers 27/02/2015

thenkoodu.in
XSS by GlobalSecurityHackers 27/02/2015

Top Google PR Websites

addthis.com by yarbabin

csail.mit.edu by yarbabin

w3.org by yarbabin

un.org by yarbabin

stanford.edu by yarbabin

cnrs.fr by yarbabin

noaa.gov by yarbabin

inria.fr by yarbabin

europeana.eu by yarbabin

bl.uk by en4rab

bnf.fr by BruteLogic

gallica.bnf.fr by BruteLogic

emeraldinsight.com by en4rab

loc.gov by SecBit

sciencedirect.com by en4rab

worldcat.org by BruteLogic

ed.ac.uk by en4rab

store.apple.com by SecBit

europa.eu by en4rab

nytimes.com by xsscrapy

ethz.ch by V1RUS4

mailchimp.com by NewLife705

creativecommons.org by SymbianSyMoh

ec.europa.eu by monkeyMan

imperial.ac.uk by SecBit

recovery.gov by SecBit

univie.ac.at by watt

unesco.org by z0rr0

Top VIP XSS Researchers

BruteLogic
Reported 166 vulnerable VIP websites

watt
Reported 117 vulnerable VIP websites

en4rab
Reported 105 vulnerable VIP websites

Nasrul07
Reported 103 vulnerable VIP websites

SecBit
Reported 91 vulnerable VIP websites

E1337
Reported 61 vulnerable VIP websites

NewLife705
Reported 46 vulnerable VIP websites

Toggaf
Reported 37 vulnerable VIP websites

Dshellnoi_Unix
Reported 33 vulnerable VIP websites

xssme
Reported 31 vulnerable VIP websites

yarbabin
Reported 29 vulnerable VIP websites

V1RUS4
Reported 22 vulnerable VIP websites

xsscrapy
Reported 18 vulnerable VIP websites

Tactic4l
Reported 16 vulnerable VIP websites

X-P10it hun73r
Reported 15 vulnerable VIP websites

sinkmanu
Reported 12 vulnerable VIP websites

ral249
Reported 12 vulnerable VIP websites

maximum
Reported 12 vulnerable VIP websites

unwritten0worm
Reported 9 vulnerable VIP websites

SymbianSyMoh
Reported 8 vulnerable VIP websites

Unpatched VIP Websites

search.vivastreet.co.in
124 unpatched vulnerabilities

expatads.com
96 unpatched vulnerabilities

freakshare.com
25 unpatched vulnerabilities

opensecrets.org
19 unpatched vulnerabilities

reference.com
13 unpatched vulnerabilities

novell.com
16 unpatched vulnerabilities

okezone.com
12 unpatched vulnerabilities

shop.com
12 unpatched vulnerabilities

mlb.com
12 unpatched vulnerabilities

espn.go.com
14 unpatched vulnerabilities

ge.ch
10 unpatched vulnerabilities

buxp.org
9 unpatched vulnerabilities

creativecommons.org
13 unpatched vulnerabilities

cnews.ru
9 unpatched vulnerabilities

adultfriendfinder.com
8 unpatched vulnerabilities

turbobit.net
8 unpatched vulnerabilities

ask.com
9 unpatched vulnerabilities

noaa.gov
9 unpatched vulnerabilities

inderscience.com
7 unpatched vulnerabilities

tucows.com
7 unpatched vulnerabilities

Making Web Safer

The main reason why security researchers post XSS vulnerabilities on our archive is negligence and arrogance of website administrators who don't even bother to reply when researchers send information about XSS to them directly. Even companies with "Bug bounties" programs are present in our archive.

Nevertheless, the aim of the project is to make Web safer, therefore for every XSS vulnerability that we manually approve after submission, website administrator receives an email notification about the vulnerability. The notification is automatic and is sent to generic security emails, and/or to the emails from WHOIS. In order to prevent spam - the email is sent only for the first vulnerability affecting the domain.

If you want to receive customized email alerts for your domain(s) before their approval - you can subscribe here.


On the 28/02/2015 administration of derby.ac.uk fixed XSS vulnerability reported by security researcher en4rab. Website derby.ac.uk was vulnerable for 26 days since notification, now the vulnerability is patched.

On the 28/02/2015 administration of sachsenallee.de fixed XSS vulnerability reported by security researcher watt. Website sachsenallee.de was vulnerable for 33 days since notification, now the vulnerability is patched.

On the 28/02/2015 administration of isenburg-zentrum.com fixed XSS vulnerability reported by security researcher watt. Website isenburg-zentrum.com was vulnerable for 33 days since notification, now the vulnerability is patched.

On the 28/02/2015 administration of werre-park.de fixed XSS vulnerability reported by security researcher watt. Website werre-park.de was vulnerable for 33 days since notification, now the vulnerability is patched.

On the 28/02/2015 administration of city-galerie-augsburg.de fixed XSS vulnerability reported by security researcher watt. Website city-galerie-augsburg.de was vulnerable for 33 days since notification, now the vulnerability is patched.

On the 27/02/2015 administration of sos.noaa.gov fixed XSS vulnerability reported by security researcher KaMiHaXor. Website sos.noaa.gov was vulnerable for 112 days since notification, now the vulnerability is patched.

On the 27/02/2015 administration of sos.noaa.gov fixed XSS vulnerability reported by security researcher KaMiHaXor. Website sos.noaa.gov was vulnerable for 112 days since notification, now the vulnerability is patched.

On the 27/02/2015 administration of tatepublishing.com fixed XSS vulnerability reported by security researcher GlobalSecurityHackers. Website tatepublishing.com was vulnerable for 0 days since notification, now the vulnerability is patched.

On the 27/02/2015 administration of arxiv.org fixed XSS vulnerability reported by security researcher yarbabin. Website arxiv.org was vulnerable for 1 days since notification, now the vulnerability is patched.

On the 27/02/2015 administration of heute.de fixed XSS vulnerability reported by security researcher SecBit. Website heute.de was vulnerable for 9 days since notification, now the vulnerability is patched.