Public Bookfresh bug reports.

| Team | Bounty | Title |
| --- | --- | --- |
| Bookfresh | - | Reflected XSS on www.bookfresh.com/index.html?view=upload_form |
| Bookfresh | - | Missing Function Level Access Control in /cindex.php/widget/customize/ |