Reports in the Grammarly program (HackerOne), sorted by bounty paid:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Ability to DoS any organization's SSO and open up the door to account takeovers | $10,500 |
| 2 | Employee's GitHub token found in Travis CI build logs | $5,000 |
| 3 | "email" MFA mode allows bypassing MFA from the victim's device when the device trust is not expired | $2,500 |
| 4 | Permissive CORS policy trusting arbitrary extension origins | $500 |
| 5 | DOM-based CSS injection on grammarly.com | $250 |
| 6 | open-url command allows opening an unlimited number of tabs pointing to arbitrary URLs | $0 |
| 7 | "More on Wikipedia" link discloses the Referer and leaks the window.opener reference to arbitrary websites | $0 |
| 8 | Emails from Grammarly missing sanitization (lack of validation?) -> HTML injection in emails | $0 |
| 9 | Reflected cross-site scripting (XSS) | $0 |
| 10 | Grammarly Keyboard for Android <4.1 leaks user input through logs (except for sensitive input fields) | $0 |
| 11 | socket command allows sending data over WebSockets to arbitrary origins from the Grammarly Extension | $0 |
| 12 | Handling of the tracking command allows making arbitrary blind requests with the user's cookies from the Grammarly Extension's origin | $0 |
| 13 | Can register any mobile number in MFA without the current code | $0 |
| 14 | Previously created sessions continue being valid after MFA activation | $0 |
| 15 | Lack of CSRF header validation at https://g-mail.grammarly.com/profile | $0 |
| 16 | Account takeover through the combination of cookie manipulation and XSS | $0 |
| 17 | Grammarly Keyboard for Android "Authorization Code with PKCE" flow implementation vulnerability that allows account takeover | $0 |
| 18 | Unauthenticated users can access all food.grammarly.io users' data | $0 |
| 19 | Config override using a non-validated query parameter allows at least reflected XSS by injecting configuration into state | $0 |
| 20 | Bypassing the Grammarly plagiarism checker by simply replacing characters in the source text | $0 |

A bounty of $0 means no award is listed for that report; it does not necessarily mean the report was rejected.