Public InVision bug reports.

Team Bounty Title
InVision $300 CORS Man-in-the-Middle account compromise
InVision $150 CRITICAL Any █████ of any screen can be removed by anyone!
InVision $400 CRITICAL : Delete Boards Admin's ( or any other user ) comment. ( IDOR )
InVision $500 CRITICAL Stored XSS in https://projects.invisionapp.com
InVision $300 Stored Cross-Site Scripting on █████████ (with small user interaction)
InVision - X-Frame-Options Header Not Set
InVision $400 Deleting a Project for which the user is not owner but a normal member
InVision $100 Content Spoofing - Signout Warning Page
InVision $100 Reflective XSS in projects.invisionapp.com
InVision $150 Enumeration and Guessable Email (OWASP-AT-002) Through Login Form
InVision $200 Javascript Injection
InVision $150 CSRF Token in cookies!
InVision - Password reset tokens is valid after changing the password by logging in the account
InVision $300 Backup of wordpress configuration file found. Leaking database users/passwords
InVision - Sensitive information in cookies
InVision - Multiple Upload Vulnerability !File Upload + File Inclusion (Access Not Forbidden)
InVision - TLS Renegotiation and Denial of Service Attacks on InVision.
InVision $200 captcha missing
InVision - Found a Clickjacking in blog.invisionapp.com.