Reports in azbuka vkusa program: S.No Title Bounty 1 IDOR - Other user's delivery address disclosed $0.0 2 Corporate Jira credentials disclosed in public gist $0.0 3 Leak of Google Sheets API credentials $0.0 4 Мисконфигурация Cisco Smart Install $0.0 5 Reflected XSS on av.ru via q parameter at https://av.ru/collections/* $0.0 6 Reflected XSS in photogallery component on [https://market.av.ru] $0.0 7 Endpoint without access control leads to order informations and status changes $0.0 8 Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form) $0.0 9 Unauthorized access to choice.av.ru control panel $0.0