Reports in drive program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Same site Scripting | $0.0 |
| 2 | Stored XSS in a Business account, on the company page | $0.0 |
| 3 | [www.drive2.ru] CSRF through FCTX token bypass | $0.0 |
| 4 | [www.drive2.ru] There is no rate limit for comments endpoints. | $0.0 |
| 5 | Testing for arbitrary HTTP methods | $0.0 |
| 6 | [www.drive2.ru] Insufficient Security Configurability - Email notification is not being sent while changing passwords | $0.0 |
| 7 | [www.drive2.ru] Insufficient Security Configurability - Notification email is not sent when email is changed. | $0.0 |
| 8 | [www.drive2.ru] Insufficient Security Configurability - Notification message not sent when account is deleted | $0.0 |
| 9 | [www.drive2.ru] Insufficient Security Configurability - The user can using the same password as your current ID. | $0.0 |
| 10 | [www.drive2.ru] Insufficient Security Configurability - The user's can set an existing password as a new password. | $0.0 |
| 11 | [www.drive2.ru] Insufficient Session Expiration - Previously issued email change tokens do not expire upon issuing a new email change token | $0.0 |