Reports in adobe program: S.No Title Bounty 1 Adobe XSS $0.0 2 Parameter tampering can result in product price manipulation $0.0 3 Disclosure of github access token in config file via nignx off-by-slash $0.0 4 AEM forms XXE Vulnerability $0.0 5 Log4j Java RCE in [beta.dev.adobeconnect.com] $0.0 6 DOM XSS on www.adobe.com $0.0 7 Able to bypass the fix on DOM XSS at [www.adobe.com] $0.0 8 API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone $0.0 9 Main Domain Takeover at https://www.marketo.net/ $0.0 10 DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation $0.0 11 Reflected Cross site scripting via Swagger UI $0.0 12 HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI $0.0 13 HTML INJECTION on https://adobedocs.github.io/JourneyAPI/ due to outdated SWAGGER UI $0.0 14 DOM XSS at https://adobedocs.github.io/indesign-api-docs/?configUrl={site} due to outdated Swagger UI $0.0 15 DOM XSS at https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site} due to outdated Swagger UI $0.0 16 Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com $0.0 17 Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection.adobe.com $0.0 18 Unauthenticated Varnish Cache Purge $0.0