Reports in lab45 program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com | $0.0 |
| 2 | PII of Users Disclosure using "/members/invite/" endpoint | $0.0 |
| 3 | CSRF on https://apps.topcoder.com/wiki/users general and email preferences | $0.0 |
| 4 | CSRF on https://apps.topcoder.com/wiki/users/editmyprofile.action | $0.0 |
| 5 | Stored XSS on https://apps.topcoder.com/wiki/pages/editpage.action | $0.0 |
| 6 | CSRF on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action | $0.0 |
| 7 | Post Based Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action | $0.0 |
| 8 | Reflected XSS on error page on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action | $0.0 |
| 9 | Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action | $0.0 |
| 10 | Stored XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action | $0.0 |
| 11 | Reflected XSS on https://apps.topcoder.com/wiki/pages/createpage.action | $0.0 |
| 12 | Reflected XSS on https://apps.topcoder.com/wiki/ | $0.0 |
| 13 | Reflected XSS on https://apps.topcoder.com/wiki/page/ | $0.0 |
| 14 | IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter | $0.0 |
| 15 | Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII | $0.0 |
| 16 | SVG file upload leads to XML injection | $0.0 |
| 17 | Reflected-XSS on https://www.topcoder.com/tc via pt parameter | $0.0 |
| 18 | Stored-Xss at connect.topcoder.com/projects/ affected on project chat members | $0.0 |
| 19 | CSRF on https://apps.topcoder.com/wiki/pages/doattachfile.action | $0.0 |
| 20 | CSRF on https://apps.topcoder.com/wiki/users/editmyprofilepicture.action | $0.0 |
| 21 | IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data | $0.0 |
| 22 | Reflected XSS in https://www.topcoder.com/blog/category/community-stories/ | $0.0 |
| 23 | SSRF to AWS file read | $0.0 |