Reports in owox program: S.No Title Bounty 1 Subdomain Takeover on http://kiosk.owox.com/ $0.0 2 HTTP Response Splitting(CRLF injection) in bi.owox.com $0.0 3 Access to Grafana Dashboard $0.0 4 Stored XSS at https://finance.owox.com/customer/accountList $0.0 5 Subdomain takeover in many subdomains $0.0 6 Broken Authentication & Session Management (Login Bypass) at support.owox.com $0.0 7 Subdomain Takeover on OWOX.RU $0.0 8 Subdomain Takeover on http://blog.owox.com/ $0.0 9 invalid URL parsing with and '@' $0.0 10 Direct IP Access $0.0 11 ClickJacking $0.0 12 Server-side cache poisoning leads to the http://my.dev.owox.com inaccessibility $0.0 13 Session is not expire after logout $0.0 14 Reflected XSS $0.0 15 The URL in "Choose a data source'' at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS. $0.0 16 Unrestricted File Upload in Chat Window $0.0