Reports in gocd program: S.No Title Bounty 1 X-Content-Type-Options header missing at Auth Login $0.0 2 Directory Listening $0.0 3 Reflected XSS vector $0.0 4 Spring security configuration allows agent sessions to be hijacked $0.0 5 XSS in http://localhost:8153/go/admin/config/server/update $0.0 6 Reflected XSS $0.0 7 Cross Site Scripting $0.0 8 Possible SSRF at URL Parameter while creating a new package repository $0.0 9 Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml $0.0 10 XSS In https://docs.gocd.org/current/ $0.0 11 Open S3 Bucket Accessible by any Aws User $0.0 12 XSS in new.loading.page.html $0.0 13 XSS in GOCD Analytics Plugin $0.0