Reports in fetlife program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Specific Payload makes a Users Posts unavailable | $100.0 |
| 2 | Google API key leaked to Public | $0.0 |
| 3 | Stored XSS via Create a Fetish section. | $0.0 |
| 4 | Stored XSS via Angular Expression injection via Subject while starting conversation with other users. | $0.0 |
| 5 | Able to access private picture/video/writing when requesting for their JSON response | $0.0 |
| 6 | Able to detect if a user is FetLife supporter although this user hides their support badge in fetlife.com/conversations/{id} JSON response | $0.0 |
| 7 | Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites | $0.0 |
| 8 | fetlife.com/signup_step_profile expose access_token of mapbox.com | $0.0 |
| 9 | Able to see highest poll result without voting or view result | $0.0 |
| 10 | Able to see location coordinates in any event without permission to do so | $0.0 |