Public Factlink bug reports.

Team Bounty Title
Factlink - Frameset Proxy Problem
Factlink - File name/folder enumeration.
Factlink - XSS 01 on staging.fct.li
Factlink - Click-Jacking due to missing X-frame header
Factlink - Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)
Factlink - Anonymous Proxy and IP leak
Factlink - Password reset link doesn't expire.
Factlink - Meta characters not filtered on signup
Factlink - Proxy service crash DoS
Factlink - X/Csrf token problem
Factlink - Session not expired on logout
Factlink - Sign up CSRF
Factlink - Password Complexity very low.
Factlink - Missing SPF for factlink.com and Staging.factlink.com
Factlink - Leaking of password reset token through referer
Factlink - Login CSRF using Twitter oauth
Factlink - Url Redirection
Factlink - HTML5 cross-origin resource sharing
Factlink - Click jacking
Factlink - Proxy discloses internal web servers