Imgur


reports in last 90 days

33

disclosed resolved issues

3

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Time to Triage | Time to Close | Report Status |
|---|---|---|---|---|---|---|
| Medium | Xss on community.imgur.com | Cross-site Scripting (XSS) - Reflected | madrobot | 0 Days and 20 hours | 104 Days and 7 hours | Resolved |
| Low | CSRF leads to a stored self xss | Cross-site Scripting (XSS) - Reflected | hogarth45 | 1 Days and 23 hours | 507 Days and 21 hours | Resolved |
| Medium | BUG XSS IN "ADD IMAGES" | Cross-site Scripting (XSS) - Stored | rioncool22 | Issue was not triaged | 0 Days and 5 hours | Informative |
| Critical | Remote Code Execution on Git.imgur-dev.com | Code Injection | orange | 0 Days and 12 hours | 0 Days and 0 hours | Resolved |
| Medium | Stored XSS on imgur profile | Cross-site Scripting (XSS) - Stored | giddsec | 2 Days and 16 hours | 2 Days and 18 hours | Resolved |
| Medium | Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/ | Path Traversal | sbakhour | 0 Days and 14 hours | 5 Days and 23 hours | Resolved |
| Low | Go.imgur.com can be used to phish for account information | Phishing | kiyell | 0 Days and 20 hours | 7 Days and 16 hours | Resolved |
| No rating | Reflected XSS in m.imgur.com | Cross-site Scripting (XSS) - Generic | logue | 26 Days and 1 hours | 400 Days and 22 hours | Resolved |
| No rating | Information disclosure (No rate limting in forgot password & other login) | Information Disclosure | protector47 | 1 Days and 20 hours | 165 Days and 0 hours | Resolved |
| No rating | Login to any user account using other facebook app access token | Improper Authentication - Generic | vinothkumar | 0 Days and 0 hours | 6 Days and 17 hours | Resolved |
| Critical | RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` | Command Injection - Generic | neex | 1 Days and 20 hours | 13 Days and 18 hours | Resolved |
| Medium | Stored xss in ALBUM DESCRIPTION | Cross-site Scripting (XSS) - Generic | armaanpathan | Issue was not triaged | 16 Days and 21 hours | Resolved |
| No rating | Stored XSS in albums on http://m.imgur.com/ | Cross-site Scripting (XSS) - Generic | strukt | 59 Days and 12 hours | 35 Days and 1 hours | Resolved |
| No rating | Unauthenticated Docker registry | Improper Authentication - Generic | nathonsecurity | Issue was not triaged | 7 Days and 8 hours | Resolved |
| No rating | Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event | Cross-site Scripting (XSS) - Generic | fransrosen | 5 Days and 22 hours | 35 Days and 18 hours | Resolved |
| No rating | Attack User Privacy Settings - X-Frame-Options missing on m.imgur.com/user/username/settings | UI Redressing (Clickjacking) | kasser | 4 Days and 20 hours | 17 Days and 11 hours | Resolved |
| No rating | SSRF and local file read in video to gif converter | None supplied | sl1m | Issue was not triaged | 0 Days and 20 hours | Resolved |
| No rating | Local file read in image editor | Code Injection | sl1m | 2 Days and 22 hours | 0 Days and 2 hours | Resolved |
| No rating | Persistent XSS in image title | Cross-site Scripting (XSS) - Generic | kasperkarlsson | Issue was not triaged | 86 Days and 8 hours | Resolved |
| No rating | Server Side Request Forgery In Video to GIF Functionality | Cross-Site Request Forgery (CSRF) | 1n3 | Issue was not triaged | 7 Days and 1 hours | Informative |
| No rating | XSS via React element spoofing | Cross-site Scripting (XSS) - Generic | jouko | Issue was not triaged | 5 Days and 7 hours | Resolved |
| No rating | SSRF in https://imgur.com/vidgif/url | Denial of Service | aesteral | 0 Days and 0 hours | 0 Days and 1 hours | Resolved |
| No rating | SSRF / Local file enumeration / DoS due to improper handling of certain file formats by ffmpeg | Command Injection - Generic | aesteral | 6 Days and 21 hours | 24 Days and 23 hours | Resolved |
| No rating | risk of having secure=false in a crossdomain.xml | Memory Corruption - Generic | hacker00000000 | 8 Days and 2 hours | 23 Days and 0 hours | Resolved |