Reports in expedia group bug bounty program: S.No Title Bounty 1 Open Redirect in Logout & Login $1000.0 2 Cache Poisoning Allows Stored XSS Via hav Cookie Parameter (To Account Takeover) $750.0 3 Cache Deception Allows Account Takeover $750.0 4 Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass) $300.0 5 https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak $100.0 6 Sensitive information for phpinfo.php at https://products.ean.com/ $0.0