Public IRCCloud bug reports.

Team Bounty Title
IRCCloud $50 Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE
IRCCloud $500 Cross Site Scripting(XSS) on IRCCloud Badges Page (using Parameter Pollution)
IRCCloud $500 Inadequate input validation on API endpoint leading to self denial of service and increased system load.
IRCCloud - Email verification links still valid after changing it 2x
IRCCloud $300 Unvalidated Channel names causes IRC Command Injection
IRCCloud - Weak password policy
IRCCloud - Bruteforce protection not enabled on the login page
IRCCloud $500 Reflected XSS in Pastebin-view
IRCCloud - Missing Character Restriction
IRCCloud - Password type input with auto-complete enabled
IRCCloud $100 Host Header Injection -
IRCCloud $100 Login CSRF can be bypassed (Similar approach to previous one).
IRCCloud - Log Out Cross site Request Forgery
IRCCloud $1,000 Dangerous Persistent xss
IRCCloud - Unwanted Spamming Using CSRF [LOGGED IN USER]
IRCCloud $100 Host Header is not validated resulting in Open Redirect
IRCCloud - CSRF - Creating accounts
IRCCloud - Login page password-guessing attack(Brute-force attack-High).
IRCCloud $500 Persistent Cross Site Scripting within the IRCCloud Pastebin
IRCCloud - CSRF to Account Take Over Bug
IRCCloud - DNS Misconfiguration
IRCCloud - User Account Creation CSRF
IRCCloud $100 iOS application does not destroy session upon logout.
IRCCloud $100 Bug in iOS application which could lead to unauthorised access.
IRCCloud - "SESSION" Cookie without HttpOnly flag set
IRCCloud $100 Missing X-Content-Type-Options
IRCCloud - Session cookie can be leaked over an unencrypted HTTP connection
IRCCloud $500 Full account takeover using CSRF and password reset
IRCCloud $500 Session Token is not Verified while changing Account Setting's which Result In account Takeover
IRCCloud - HTML Form without CSRF protection
IRCCloud $100 Leaking Referrer in Reset Password Link
IRCCloud $100 Bruteforcing irccloud login
IRCCloud $100 Unsecure cookies, cookie flag secure not set
IRCCloud $100 Sign up CSRF
IRCCloud $100 Login CSRF