2021 Sep 18 [#019] Subdomain Takeover - Dangling NS records - BaseCamp - 750$ Jun 21 [#018] CVE-2021-26832 - Reflected XSS on Priority Enterprise Management System v8.00 Jun 3 [#017] Reflected XSS through ClickJacking - US Dept of Defense May 11 [#016] DOM XSS - US Dept of Defense May 5 [#015] Open Redirect on takeflight.twitter.com Apr 16 [#014] Subdomain Takeover on ipc-test.waze.com - Google - 100$ Apr 1 [#013] Reponse Manipulation allowed Subdomain Takeovers from FreshDesk Mar 26 [#012] Sensitive Information Disclosure - HackerOne - 2500$ Mar 26 [#011] Stored XSS on events.hackerone.com - HackerOne - Swag Mar 26 [#010] Open Redirect on events.hackerone.com - HackerOne - Swag Mar 26 [#009] RXSS through 3rd party vendor SSRF - HackerOne - Swag Mar 24 [#008] Blind XSS to administrator takeover - US Dept of Defense Mar 19 [#007] HTML Injection - TikTok - 111$ Mar 11 [#006] Blind XSS - US Dept of Defense Mar 11 [#005] Stored XSS - US Dept of Defense Feb 1 [#004] Product Based - Open redirect on all websites powered by thinkific Feb 1 [#003] Reflected XSS - US Dept of Defense Jan 25 [#002] Reflected XSS - US Dept of Defense Jan 20 [#001] Open Redirect on www.youtube.com - Google
Jun 21 [#018] CVE-2021-26832 - Reflected XSS on Priority Enterprise Management System v8.00 Jun 3 [#017] Reflected XSS through ClickJacking - US Dept of Defense May 11 [#016] DOM XSS - US Dept of Defense May 5 [#015] Open Redirect on takeflight.twitter.com Apr 16 [#014] Subdomain Takeover on ipc-test.waze.com - Google - 100$ Apr 1 [#013] Reponse Manipulation allowed Subdomain Takeovers from FreshDesk Mar 26 [#012] Sensitive Information Disclosure - HackerOne - 2500$ Mar 26 [#011] Stored XSS on events.hackerone.com - HackerOne - Swag Mar 26 [#010] Open Redirect on events.hackerone.com - HackerOne - Swag Mar 26 [#009] RXSS through 3rd party vendor SSRF - HackerOne - Swag Mar 24 [#008] Blind XSS to administrator takeover - US Dept of Defense Mar 19 [#007] HTML Injection - TikTok - 111$ Mar 11 [#006] Blind XSS - US Dept of Defense Mar 11 [#005] Stored XSS - US Dept of Defense Feb 1 [#004] Product Based - Open redirect on all websites powered by thinkific Feb 1 [#003] Reflected XSS - US Dept of Defense Jan 25 [#002] Reflected XSS - US Dept of Defense Jan 20 [#001] Open Redirect on www.youtube.com - Google
Jun 3 [#017] Reflected XSS through ClickJacking - US Dept of Defense May 11 [#016] DOM XSS - US Dept of Defense May 5 [#015] Open Redirect on takeflight.twitter.com Apr 16 [#014] Subdomain Takeover on ipc-test.waze.com - Google - 100$ Apr 1 [#013] Reponse Manipulation allowed Subdomain Takeovers from FreshDesk Mar 26 [#012] Sensitive Information Disclosure - HackerOne - 2500$ Mar 26 [#011] Stored XSS on events.hackerone.com - HackerOne - Swag Mar 26 [#010] Open Redirect on events.hackerone.com - HackerOne - Swag Mar 26 [#009] RXSS through 3rd party vendor SSRF - HackerOne - Swag Mar 24 [#008] Blind XSS to administrator takeover - US Dept of Defense Mar 19 [#007] HTML Injection - TikTok - 111$ Mar 11 [#006] Blind XSS - US Dept of Defense Mar 11 [#005] Stored XSS - US Dept of Defense Feb 1 [#004] Product Based - Open redirect on all websites powered by thinkific Feb 1 [#003] Reflected XSS - US Dept of Defense Jan 25 [#002] Reflected XSS - US Dept of Defense Jan 20 [#001] Open Redirect on www.youtube.com - Google