Reports in flickr program: S.No Title Bounty 1 Stored XSS in photos_user_map.gne $3263.0 2 critical server misconfiguration lead to access to any user sensitive data which include user email and password $500.0 3 Critical broken cookie signing on dagobah.flickr.com $479.0 4 Open redirect bypass $300.0 5 Open Redirect $258.0 6 Open redirect GET-Based on https://www.flickr.com/browser/upgrade/?continue= $150.0 7 Arbitrary file read via ffmpeg HLS parser at https://www.flickr.com/photos/upload $0.0 8 Stored open redirect in about page $0.0 9 Improper access control in place for "member only" groups via root.YUI_config.flickr.api.site_key $0.0 10 CSRF in Account Deletion feature (https://www.flickr.com/account/delete) $0.0 11 Flickr Account Takeover using AWS Cognito API $0.0 12 Exceed photo dimensions, Flickr.com $0.0 13 IDOR may allow access to non-public photos $0.0 14 Incorrect Deep-link validation leading to unresponsive application and device $0.0