Report Email Alerts Open Bug Bounty: 96803 coordinated disclosures
Full Disclosure: 32119 vulnerabilities
Total Vulnerabilities Fixed: 33036
107326 vulnerable websites, 12158 VIP websites
2468 security researchers, 3433 notification subscribers

Open Bug Bounty & Coordinated Disclosure

We endorse and encourage coordinated vulnerability disclosure to help website owners and administrators to secure their web applications and the end-users.


Vulnerability type:
Select reporting methodology:Open Bug Bounty (Recommended) To participate in the Open Bug Bounty coordinated vulnerability disclosure program please login via Twitter. Anyone can participate, anyone can help!
Full Disclosure

Please carefully follow submission guidelines:

  • Your XSS must display 'OPENBUGBOUNTY' string in a JS popup, for example:
    • <script>alert('OPENBUGBOUNTY')</script>
    • <img src=x onerror=prompt(/OPENBUGBOUNTY/)>
    • <script src=https://openbugbounty.org/1.js>
  • Your XSS must affect the domain for which you submit the vulnerability - XSS in iframes or after redirects are not accepted.
  • Iframe injections must contain an iframe with openbugbounty.org inside.
  • Same XSS in different scripts (e.g. one global parameter affecting all pages) will NOT be published as separate XSSs, and will be deleted.
  • Multiple re-submissions of the same vulnerability will result in removal of all these submissions.
  • Please allow up to 24 hours for XSS approval and publication.
* XSS URL:
POST data


appication/x-www-form-urlencoded
POST data example:


key1=value1&key2=value2
multipart/form-data
POST data example:


---------------573cf973d5228
Content-Disposition: form-data; name="key1"

value1
---------------573cf973d5228
Content-Disposition: form-data; name="key2"

value2
---------------573cf973d5228--
Cookies:
Your nickname:
Send notification to subscribers: A notification will be sent to all people who are subscribed for the domain.
A notification will be sent to:
security@
webmaster@
contact@
info@
Send notification to an email address provided on the vulnerable website (e.g. security contact - if any, etc).
A notification will be sent via OpenBugBounty twitter account (available only for VIP submissions)
If you have anything special to say about the report - put it here, however keep in mind that it will be publicly visible just after publication. Any inappropriate, insulting, harassing, spam or adult content will be deleted with the submission. No HTML allowed.
*



Latest VIP Submissions

diez.hn
Reported by Gamliel_InfoSec Twitter: @Gamliel_InfoSec
Approved XSS vulnerabilities: 50
Approved XSS vulnerabilities on VIP websites: 14
on 24.01.2017
cbc.ca
Reported by Tacocat Twitter: @DaTacocat
Approved XSS vulnerabilities: 4
Approved XSS vulnerabilities on VIP websites: 2
on 23.01.2017
filehippo.com
Reported by whacky Twitter: @w_hacky
Recommendations received: 1
Approved XSS vulnerabilities: 434
Approved XSS vulnerabilities on VIP websites: 6
on 23.01.2017
inflibnet.ac.in
Reported by SonnySpooks Twitter: @SonnySpooks
Recommendations received: 1
Approved XSS vulnerabilities: 1191
Approved XSS vulnerabilities on VIP websites: 57
on 23.01.2017
ebi.ac.uk
Reported by SonnySpooks Twitter: @SonnySpooks
Recommendations received: 1
Approved XSS vulnerabilities: 1191
Approved XSS vulnerabilities on VIP websites: 57
on 23.01.2017
d-h.st
Reported by Random_Robbie Twitter: @Random_Robbie
Recommendations received: 7
Approved XSS vulnerabilities: 1065
Approved XSS vulnerabilities on VIP websites: 76
on 23.01.2017
nuvid.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 2
Approved XSS vulnerabilities: 547
Approved XSS vulnerabilities on VIP websites: 107
on 23.01.2017
traidnt.net
Reported by codingplanets Twitter: @codingplanets
Approved XSS vulnerabilities: 66
Approved XSS vulnerabilities on VIP websites: 2
on 23.01.2017
bet.com
Reported by Xany Twitter: @Xanyrekt
Approved XSS vulnerabilities: 898
Approved XSS vulnerabilities on VIP websites: 102
on 23.01.2017
docslide.us
Reported by Xany Twitter: @Xanyrekt
Approved XSS vulnerabilities: 898
Approved XSS vulnerabilities on VIP websites: 102
on 23.01.2017

Latest Submissions

mypolkschools.net
Reported by Tacocat Twitter: @DaTacocat
Approved XSS vulnerabilities: 4
Approved XSS vulnerabilities on VIP websites: 2
on 23.01.2017
recipelion.com
Reported by RickChase Approved XSS vulnerabilities: 195
Approved XSS vulnerabilities on VIP websites: 8
on 23.01.2017
thestandard.com.hk
Reported by RickChase Approved XSS vulnerabilities: 195
Approved XSS vulnerabilities on VIP websites: 8
on 23.01.2017
uniobregon.com
Reported by RickChase Approved XSS vulnerabilities: 195
Approved XSS vulnerabilities on VIP websites: 8
on 23.01.2017
dol.deliver.ifeng.com
Reported by whacky Twitter: @w_hacky
Recommendations received: 1
Approved XSS vulnerabilities: 434
Approved XSS vulnerabilities on VIP websites: 6
on 23.01.2017
sz.house.ifeng.com
Reported by whacky Twitter: @w_hacky
Recommendations received: 1
Approved XSS vulnerabilities: 434
Approved XSS vulnerabilities on VIP websites: 6
on 23.01.2017
jn.house.ifeng.com
Reported by whacky Twitter: @w_hacky
Recommendations received: 1
Approved XSS vulnerabilities: 434
Approved XSS vulnerabilities on VIP websites: 6
on 23.01.2017
xa.house.ifeng.com
Reported by whacky Twitter: @w_hacky
Recommendations received: 1
Approved XSS vulnerabilities: 434
Approved XSS vulnerabilities on VIP websites: 6
on 23.01.2017
sh.house.ifeng.com
Reported by whacky Twitter: @w_hacky
Recommendations received: 1
Approved XSS vulnerabilities: 434
Approved XSS vulnerabilities on VIP websites: 6
on 23.01.2017
hz.house.ifeng.com
Reported by whacky Twitter: @w_hacky
Recommendations received: 1
Approved XSS vulnerabilities: 434
Approved XSS vulnerabilities on VIP websites: 6
on 23.01.2017