Reports in smule program: S.No Title Bounty 1 Disclosure of information about the system, configuration files. $0.0 2 Missing Rate Limit in Forgot Password can Lead to email address leakage of all smule accounts $0.0 3 Open Redirect on ███ $0.0 4 Missing Rate Limit in Password Change $0.0 5 Web cache poisoning leads to disclosure of CSRF token and sensitive information $0.0 6 stored xss in https://www.smule.com $0.0 7 Open redirect bypass & SSRF Security Vulnerability $0.0 8 Error Page Content Spoofing or Text Injection $0.0 9 No Rate Limiting On Phone Number Login Leads to Login Bypass $0.0 10 [com.smule.autorap.*] Cloud Messaging/Push Notification service takeover due to clear-text usage of Legacy FCM Server keys in the client app $0.0 11 Possible Subdomain Takeover For Inbound Emails $0.0