Report Email Alerts 14735 reported vulnerabilities, 2547 fixed vulnerabilities
12348 vulnerable websites, 2484 vulnerable VIP websites
357 security researchers, 865 notification subscribers
Launched on 18/06/14, latest submission on 25/05/15

Top Alexa Rank Websites

baidu.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

amazon.com by MLT Twitter: @0x00000049
Position in TOP-50 XSS Researchers: 4
Position in TOP-50 VIP XSS Researchers: 12
Approved XSS vulnerabilities: 720
Approved XSS vulnerabilities on VIP websites: 68

taobao.com by wangjing

linkedin.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

tmall.com by Buglloc

amazon.co.jp by MLT Twitter: @0x00000049
Position in TOP-50 XSS Researchers: 4
Position in TOP-50 VIP XSS Researchers: 12
Approved XSS vulnerabilities: 720
Approved XSS vulnerabilities on VIP websites: 68

ask.com by SymbianSyMoh

microsoft.com by E1337

imdb.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

craigslist.org by xsscrapy

amazon.de by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

xhamster.com by Nasrul07

bbc.co.uk by SecBit

amazon.co.uk by MLT Twitter: @0x00000049
Position in TOP-50 XSS Researchers: 4
Position in TOP-50 VIP XSS Researchers: 12
Approved XSS vulnerabilities: 720
Approved XSS vulnerabilities on VIP websites: 68

espn.go.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

pornhub.com by Buglloc

amazon.cn by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

ebay.de by Tactic4l

si.com by v0raz Twitter: @v0raz
Position in TOP-50 XSS Researchers: 8
Position in TOP-50 VIP XSS Researchers: 3
Approved XSS vulnerabilities: 490
Approved XSS vulnerabilities on VIP websites: 251

adobe.com by bankir

dailymail.co.uk by xsscrapy

huffingtonpost.com by yarbabin

indiatimes.com by wangjing

booking.com by xsscrapy

nytimes.com by nopernik

wikia.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

outbrain.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

chase.com by v0raz Twitter: @v0raz
Position in TOP-50 XSS Researchers: 8
Position in TOP-50 VIP XSS Researchers: 3
Approved XSS vulnerabilities: 490
Approved XSS vulnerabilities on VIP websites: 251

youporn.com by Nasrul07

about.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

TOP XSS Researchers

V1RUS4
Reported 914 vulnerable websites

watt
Reported 607 vulnerable websites

en4rab
Reported 580 vulnerable websites

Rahuldk
Reported 333 vulnerable websites

Dshellnoi_Unix
Reported 264 vulnerable websites

SecBit
Reported 256 vulnerable websites

Nasrul07
Reported 223 vulnerable websites

nopernik
Reported 174 vulnerable websites

xssme
Reported 161 vulnerable websites

Stuxnet
Reported 137 vulnerable websites

Latest Submissions

www2.ufro.cl
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
25/05/2015

fisterra.com
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
25/05/2015

websandorra.com
XSS by r3vengine Position in TOP-50 XSS Researchers: 49
Approved XSS vulnerabilities: 19
Approved XSS vulnerabilities on VIP websites: 3
25/05/2015

julia.ad
XSS by r3vengine Position in TOP-50 XSS Researchers: 49
Approved XSS vulnerabilities: 19
Approved XSS vulnerabilities on VIP websites: 3
25/05/2015

librivox.org
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
25/05/2015

uclahealthcareers.org
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

libertyellisfoundation.org
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

efukt.com
XSS by r3vengine Position in TOP-50 XSS Researchers: 49
Approved XSS vulnerabilities: 19
Approved XSS vulnerabilities on VIP websites: 3
24/05/2015

dgam.gov.sy
XSS by ManicSec 24/05/2015

comicbook.com
XSS by eatsa_pizza 24/05/2015

itvserveis.ad
XSS by r3vengine Position in TOP-50 XSS Researchers: 49
Approved XSS vulnerabilities: 19
Approved XSS vulnerabilities on VIP websites: 3
24/05/2015

errc.org
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

ogdencity.com
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

cpacanada.ca
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

mz.unic.ac.cy
XSS by ZxX 24/05/2015

topappcharts.com
XSS by ZxX 24/05/2015

filedigger.co
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

wildwoods.org
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

icases.ru
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

hongkong-ic.intercontinental.com
XSS by Stuxnet Twitter: @_Stuxnet
Position in TOP-50 XSS Researchers: 7
Position in TOP-50 VIP XSS Researchers: 21
Approved XSS vulnerabilities: 516
Approved XSS vulnerabilities on VIP websites: 25
24/05/2015

Top Google PR Websites

edx.org by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

theeuropeanlibrary.org by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

addthis.com by yarbabin

linkedin.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

topuniversities.com by Abnoxious Position in TOP-50 XSS Researchers: 9
Position in TOP-50 VIP XSS Researchers: 9
Approved XSS vulnerabilities: 379
Approved XSS vulnerabilities on VIP websites: 110

easycounter.com by e3xpl0it Position in TOP-50 XSS Researchers: 14
Position in TOP-50 VIP XSS Researchers: 10
Approved XSS vulnerabilities: 292
Approved XSS vulnerabilities on VIP websites: 118

baidu.com.cn by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

baidu.cn by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

baidu.com by BruteLogic Position in TOP-50 XSS Researchers: 1
Position in TOP-50 VIP XSS Researchers: 1
Approved XSS vulnerabilities: 1407
Approved XSS vulnerabilities on VIP websites: 472

bbc.co.uk by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

un.org by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

europa.eu by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

web.mit.edu by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

goturkey.com by initbar

groups.csail.mit.edu by MLT Twitter: @0x00000049
Position in TOP-50 XSS Researchers: 4
Position in TOP-50 VIP XSS Researchers: 12
Approved XSS vulnerabilities: 720
Approved XSS vulnerabilities on VIP websites: 68

ec.europa.eu by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

governoeletronico.gov.br by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

stanford.edu by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

legifrance.gouv.fr by PsychoMantis Twitter: @Psycho_Mantis__
Position in TOP-50 XSS Researchers: 2
Position in TOP-50 VIP XSS Researchers: 2
Approved XSS vulnerabilities: 999
Approved XSS vulnerabilities on VIP websites: 302

cnrs.fr by Anonymous

loc.gov by PyschoMantis

mailchimp.com by nopernik

nytimes.com by nopernik

nature.com by billyzane Position in TOP-50 XSS Researchers: 34
Position in TOP-50 VIP XSS Researchers: 32
Approved XSS vulnerabilities: 63
Approved XSS vulnerabilities on VIP websites: 11

adobe.com by bankir

worldcat.org by yarbabin

sciencedirect.com by yarbabin

gallica.bnf.fr by yarbabin

bnf.fr by yarbabin

bl.uk by yarbabin

Top VIP XSS Researchers

watt
Reported 137 vulnerable VIP websites

en4rab
Reported 108 vulnerable VIP websites

Nasrul07
Reported 104 vulnerable VIP websites

yarbabin
Reported 94 vulnerable VIP websites

SecBit
Reported 92 vulnerable VIP websites

nopernik
Reported 65 vulnerable VIP websites

E1337
Reported 61 vulnerable VIP websites

initbar
Reported 53 vulnerable VIP websites

NewLife705
Reported 46 vulnerable VIP websites

Toggaf
Reported 38 vulnerable VIP websites

xssme
Reported 37 vulnerable VIP websites

Dshellnoi_Unix
Reported 33 vulnerable VIP websites

Rahuldk
Reported 29 vulnerable VIP websites

Unpatched VIP Websites

search.vivastreet.co.in
125 unpatched vulnerabilities

lg.com
97 unpatched vulnerabilities

expatads.com
96 unpatched vulnerabilities

gob.mx
54 unpatched vulnerabilities

freakshare.com
25 unpatched vulnerabilities

opensecrets.org
20 unpatched vulnerabilities

zoomby.ru
13 unpatched vulnerabilities

edu.cn
15 unpatched vulnerabilities

novell.com
16 unpatched vulnerabilities

mlb.com
13 unpatched vulnerabilities

about.com
14 unpatched vulnerabilities

stanford.edu
13 unpatched vulnerabilities

okezone.com
12 unpatched vulnerabilities

shop.com
12 unpatched vulnerabilities

ask.com
13 unpatched vulnerabilities

reference.com
16 unpatched vulnerabilities

espn.go.com
16 unpatched vulnerabilities

gov.ph
9 unpatched vulnerabilities

buxp.org
9 unpatched vulnerabilities

ge.ch
10 unpatched vulnerabilities

Making Web Safer

The main reason why security researchers post XSS vulnerabilities on our archive is negligence and arrogance of website administrators who don't even bother to reply when researchers send information about XSS to them directly. Even companies with "Bug bounties" programs are present in our archive.

Nevertheless, the aim of the project is to make Web safer, therefore for every XSS vulnerability that we manually approve after submission, website administrator receives an email notification about the vulnerability. The notification is automatic and is sent to generic security emails, and/or to the emails from WHOIS. In order to prevent spam - the email is sent only for the first vulnerability affecting the domain. We also try to notify via twitter.

If you want to receive customized email alerts for your domain(s) before their approval - you can subscribe here.


On the 24/05/2015 administration of chemspider.com fixed XSS vulnerability reported by security researcher MLT. Website chemspider.com was vulnerable for 49 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of javadownload.net fixed XSS vulnerability reported by security researcher Rahuldk. Website javadownload.net was vulnerable for 6 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of tomchalk.com fixed XSS vulnerability reported by security researcher MLT. Website tomchalk.com was vulnerable for 5 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of sharonspector.com fixed XSS vulnerability reported by security researcher MLT. Website sharonspector.com was vulnerable for 5 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of heritagebritain.com fixed XSS vulnerability reported by security researcher MLT. Website heritagebritain.com was vulnerable for 41 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of m.xhamster.com fixed XSS vulnerability reported by security researcher PsychoMantis. Website m.xhamster.com was vulnerable for 31 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of caithness-business.co.uk fixed XSS vulnerability reported by security researcher MLT. Website caithness-business.co.uk was vulnerable for 40 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of planet-slip.de fixed XSS vulnerability reported by security researcher watt. Website planet-slip.de was vulnerable for 29 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of mpnnow.com fixed XSS vulnerability reported by security researcher BruteLogic. Website mpnnow.com was vulnerable for 40 days since notification, now the vulnerability is patched.

On the 24/05/2015 administration of lokalwarenladen.net fixed XSS vulnerability reported by security researcher watt. Website lokalwarenladen.net was vulnerable for 29 days since notification, now the vulnerability is patched.