Reports in moneybird program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Content Spoofing In Moneybird | $0.0 |
| 2 | Logging out any user | $0.0 |
| 3 | Stored XSS thru SVG upload | $0.0 |
| 4 | XXE issue | $0.0 |
| 5 | Stored Cross Site Scripting in Customer Name | $0.0 |
| 6 | Webhook allows sending payload using insecure HTTP protocol | $0.0 |
| 7 | Moneybird customers invoices leak in cacheable urls | $0.0 |
| 8 | Stored XSS at Moneybird | $0.0 |
| 9 | Open Redirection while saving User account Settings | $0.0 |
| 10 | Enable 2FA without verifying the email | $0.0 |
| 11 | Bypass password reset rate limit protection at moneybird.com/passwords | $0.0 |
| 12 | Pending MFA logins aren't immediatly expired after a password change | $0.0 |
| 13 | Stored XSS on add project | $0.0 |
| 14 | Access control issue on invoice documents downloading feature. | $0.0 |
| 15 | No rate Limit | $0.0 |
| 16 | Bypass of Rate limiting in secure_session endpoint's password input will lead to user password disclosure | $0.0 |
| 17 | Open Redirect through POST Request in OAuth | $0.0 |
| 18 | IDOR in https://moneybird.com/user/accountant_company/edit(change company name) | $0.0 |