Reports in evernote program: S.No Title Bounty 1 Reflected XSS in the shared note view on https://evernote.com $500.0 2 CSRF leads to account deactivation of users $300.0 3 [34.96.80.155] Server Logs Disclosure lead to Information Leakage $150.0 4 Email Verification Bypass by bruteforcing when setting up 2FA $150.0 5 Reflected + Stored XSS - https://discussion.evernote.com $0.0 6 One Click Code Execution via File $0.0 7 Non-production Open Database In Combination With XXE Leads To SSRF $0.0 8 Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion $0.0 9 2 click Remote Code execution in Evernote Android $0.0