Public Legal Robot bug reports.

Team Bounty Title
Legal Robot - design issue exists on login page
Legal Robot - Coding error !
Legal Robot - Insufficient Security Configurability-Weak Registration Implementation-Allows Disposable Email Addresses
Legal Robot - I can't login to my account
Legal Robot - Improper error message
Legal Robot - Email Length Verification
Legal Robot - Name can't be numbers or email
Legal Robot - Password Restriction On Change
Legal Robot - UX: JS error on Password Safety link
Legal Robot - Information disclosure
Legal Robot - Special characters are not filtered out on profile fields
Legal Robot - Change password session fixed
Legal Robot - Weak Cryptography for Passwords
Legal Robot $20 No length limit in invite_code can cause server degradation
Legal Robot $20 CSP script-src includes "unsafe-inline"
Legal Robot $20 Improper validation of parameters while creating issues
Legal Robot $100 Update any profile
Legal Robot - Invalid Email Verification
Legal Robot $20 first name and last name restrictions bypass
Legal Robot $20 TabNabbing issue (due to target=_blank)
Legal Robot - Tampering the mail id on chatbox
Legal Robot $20 Incorrect error message
Legal Robot $20 Incorrect email content when disabling 2FA
Legal Robot $20 Lengthy manual entry of 2FA secret
Legal Robot $40 Code injection
Legal Robot $20 User enumeration from failed login error message
Legal Robot - Mixed Content over HTTPS
Legal Robot $20 Change password logic inversion
Legal Robot $20 Profile fields validation bypass
Legal Robot - LUCKY13 (CVE-2013-0169) affects legalrobot.com
Legal Robot - Create Api Key is not working
Legal Robot $20 Profile shows incorrect account creation date
Legal Robot - Password Reset page Session Fixation
Legal Robot - Lack of input validation in e-mail & user name, job title, company name field
Legal Robot - SSL : breach compression attack (CVE-2013-3587) affects legalrobot.com
Legal Robot $20 [Cross-domain Referer leakage] Password reset token leakage via referer
Legal Robot $20 Token leakage by referrer header & analytics
Legal Robot $20 No notification on change password feature
Legal Robot $20 Meta characters are not filtered into full name on profile page
Legal Robot $20 Pages don't render in old browsers like IE11
Legal Robot $60 Missing Issuer parameter on TOTP 2FA
Legal Robot - Subdomain misconfiguration [mail.legalrobot.com]
Legal Robot $20 [New Feature] Password history check
Legal Robot $20 User enumeration
Legal Robot $20 Password complexity ignores empty spaces
Legal Robot $60 Users with 2FA can have multiple sessions
Legal Robot $20 Account profile shows encryption recovery box for all users
Legal Robot $60 Enhancement: email confirmation for 2FA recovery
Legal Robot $20 Intercom chat session information persists after logout
Legal Robot $60 2FA Error Handling on Google Authenticator
Legal Robot - 2FA user enumeration via login
Legal Robot $90 2FA user enumeration via password reset
Legal Robot $40 Password complexity not evenly enforced
Legal Robot $90 Missing link to 2FA recovery code
Legal Robot $90 Missing link to TOTP manual enroll option
Legal Robot $60 Non-functional 2FA recovery codes
Legal Robot $20 Domain takeover (legalrobot.co.za)
Legal Robot - Big XSS vulnerability!
Legal Robot $60 Token leakage by referrer
Legal Robot - Password Policy Bypass
Legal Robot $40 Password reset form ignores email field
Legal Robot - SWEET32 TLS attack
Legal Robot $20 Password complexity requirements not enforced
Legal Robot - S3 ACL misconfiguration
Legal Robot $40 Password reset access control
Legal Robot $40 Missing restriction on string size in profile fields
Legal Robot - The websocket traffic is not secure enough
Legal Robot $40 Bypass 8 chars password complexity with 6 chars only due to insecure password reset functionality
Legal Robot $20 Information Disclosure on rate limit defense mechanism
Legal Robot $20 Near-duplicate accounts allowed with ignored email mutations
Legal Robot - content spoofing
Legal Robot - Server version disclosure
Legal Robot - CSRF Issue
Legal Robot - clickjacking at http://mailboxes.legalrobot-uat.com/
Legal Robot $60 Validation bypass on user profile
Legal Robot $20 Possible content spoofing due to missing error page
Legal Robot - Click Jacking
Legal Robot $20 unsecured legalrobot.co.uk assets
Legal Robot - UI Redressing ( ClickJacking ) Issue on Information submit form
Legal Robot - News Feed Detected
Legal Robot - 2 vulns
Legal Robot $20 Legal | Application is Missing CSP(Content Security Policy) Header
Legal Robot - Clickjacking: X-Frame-Options header missing
Legal Robot - Amazon Bucket Accessible (http://legalrobot.s3.amazonaws.com/)
Legal Robot - Email spoofing-fake mail from your mail domain server
Legal Robot $20 CORS (Cross-Origin Resource Sharing)
Legal Robot $20 Information Disclosure in AWS S3 Bucket
Legal Robot - Email spoofing possible via Legal Robot domain
Legal Robot $120 User Information leak allows user to bypass email verification.
Legal Robot $120 User Information sent to client through websockets
Legal Robot $40 AWS S3 website can't serve security headers, may allow clickjacking
Legal Robot $100 Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io.
Legal Robot - No DMARC Record in legalrobot-uat.com
Legal Robot $20 SSL Issue on legalrobot.com
Legal Robot $20 SPF Issue
Legal Robot $120 Remote Code Execution (upload)
Legal Robot $20 Rate limiting on Email confirmation link
Legal Robot - Rate limiting on password reset links
Legal Robot $20 - Guessing registered users in legalrobot.com
Legal Robot $20 No valid SPF record
Legal Robot $20 CSRF
Legal Robot $40 Registration bypass using OAuth logical bug
Legal Robot $20 Missing security headers, possible clickjacking
Legal Robot $20 missing SPF for legalrobot.com