| Vulnerability | Severity | All-in Amount (EUR) | Reward Amount (EUR) |
|---|---|---|---|
| Remote code execution (RCE) | High | 1950 | 1500 |
| Injection | High | 1950 | 1500 |
| XML external entity injection (XXE) | High | 1950 | 1500 |
| Insecure direct object reference on a critical function | High | 1300 | 1000 |
| Vertical authentication bypass | High | 1300 | 1000 |
| Server-side request forgery (SSRF) | High | 1300 | 1000 |
| Using default credentials | High | 1300 | 1000 |
| Misconfigured DNS | High | 1300 | 1000 |
| Password disclosure | High | 1300 | 1000 |
| Horizontal authentication bypass | High | 1040 | 800 |
| Private API key disclosure | High | 1040 | 800 |
| SSL attack (Heartbleed) | High | 910 | 700 |
| Insecure direct object reference on an important function | High | 780 | 600 |
| Predictable session token leading to an authenticated user | High | 650 | 500 |
| Stored cross-site scripting, publicly accessible | High | 650 | 500 |
| Same-origin policy bypass | Medium | 520 | 400 |
| Cross-site request forgery (CSRF) on a critical function | Medium | 520 | 400 |
| Insecure direct object reference on a non-important function | Medium | 390 | 300 |
| Cross-site request forgery (CSRF) on an important function | Medium | 390 | 300 |
| Reflected cross-site scripting, publicly accessible | Medium | 390 | 300 |
| HTTP response splitting | Medium | 260 | 200 |
| Stored cross-site scripting in portal | Medium | 260 | 200 |
| Visible detailed error page | Medium | 195 | 150 |
| Open redirect | Medium | 195 | 150 |
| Clickjacking | Medium | 195 | 150 |
| Missing Secure or HttpOnly cookie flag | Medium | 195 | 150 |
| Reflected cross-site scripting in portal | Medium | 195 | 150 |
| Stored cross-site scripting, self-XSS | Medium | 195 | 150 |
| Injection, other | Low | 130 | 100 |
| Off-domain cross-site scripting | Low | 130 | 100 |
| Insecure SSL: insecure cipher suite | Low | 130 | 100 |
| Insecure SSL: lack of forward secrecy | Low | 130 | 100 |
| Content spoofing | Low | 65 | 50 |
| Reflected file download | Low | 65 | 50 |
| CSV injection | Low | 65 | 50 |
| Sensitive information in URL | Low | 65 | 50 |
| Weak login function | Low | 65 | 50 |
| Session fixation | Low | 65 | 50 |
| IE-only XSS | Low | 65 | 50 |
| Cookie-based cross-site scripting | Low | 65 | 50 |
| Referrer XSS | Low | 65 | 50 |
| Cross-site scripting, self-XSS | Low | 65 | 50 |
| Unsafe file upload | Low | 65 | 50 |
| Outdated software version | Low | 65 | 50 |
| Weak password policy | Low | 65 | 50 |
| No rate limiting on login form | Low | 65 | 50 |
| Lack of password confirmation when changing email address | Low | 65 | 50 |
| Lack of password confirmation when changing password | Low | 65 | 50 |
| Lack of password confirmation when deleting account | Low | 65 | 50 |
| Failure to invalidate session on password change | Low | 65 | 50 |
| Failure to invalidate session on logout | Low | 65 | 50 |

In every row the all-in amount is 1.3 times the reward amount paid to the researcher.