axe has reached Level 4 with 75+ unique vulnerabilities discovered, and they have proven to us that they understand web application vulnerabilities and how to discover them. If you run a bug bounty/vulnerability disclosure program and are looking for an active, professional researcher, we recommend considering this user.

| Report Title | Event ID | Severity | Vulnerability Type |
|---|---|---|---|
| The ref parameter is redirectable in the register.php path | FirstBlood v2 | Informative | |
| Reflective XSS on register page | FirstBlood v2 | Medium | Reflective XSS |
| XSS on login page | FirstBlood v2 | Medium | Reflective XSS |
| Unexpected registered users | FirstBlood v2 | Medium | Auth issues |
| Invalidate previously registered users by using duplicate invitations | FirstBlood v2 | Medium | Auth issues |
| Cancel Stored XSS at the reservation function | FirstBlood v2 | High | Stored XSS |
| Change user passwords at will to enable account takeover | FirstBlood v2 | CRITICAL | Application/Business Logic |
| Regular accounts can override access to patient information | FirstBlood v2 | Medium | Application/Business Logic |
| All user information is leaked due to unexpired cookies | FirstBlood v2 | Medium | Application/Business Logic |
| Unauthorized modification of mailbox | FirstBlood v2 | Medium | Application/Business Logic |