I wanted to let you know how I helped secure XVIDEOS.com.
After spending time enumerating the site, I quickly saw some text was reflected from the search field on the main website.
There was a hidden field that held a lot of JSON data. I was able to break the main page rendering with a very old payload.
The payload in question was