Public QIWI bug reports.

Team Bounty Title
QIWI $150 [XSS/pay.qiwi.com] Pay SubDomain Hard-Use XSS
QIWI $250 [XSS/3dsecure.qiwi.com] 3DSecure XSS
QIWI $100 [qiwi.com] .bash_history
QIWI $300 Balance disclosure on //kopilka.qiwi.com
QIWI $150 [qiwi.com] Information Disclosure
QIWI $150 [ibank.qiwi.ru] UI Redressing via Request-URI
QIWI $950 [qiwi.com] Oauth account takeover
QIWI $200 Xss on billing
QIWI - SSL Certificate on qiwi.com will expire soon.
QIWI $150 Content Spoofing in mango.qiwi.com
QIWI $200 [rubm.qiwi.com] Yui charts.swf XSS
QIWI $100 Open Redirect in meeting.qiwi.com
QIWI $3,137 XML External Entity (XXE) in qiwi.com + waf bypass
QIWI $200 XSS Reflected in test.qiwi.ru
QIWI $500 Open access to corporate data.
QIWI $100 Session Cookie without HttpOnly and secure flag set
QIWI $200 [ishop.qiwi.com] XSS + Misconfiguration
QIWI $150 [qiwi.com] Open Redirect
QIWI $100 Stored xss in agent.qiwi.com
QIWI - Metadata in hosted files is disclosing Usernames, Printers, paths, admin guides. emails
QIWI $1,000 [send.qiwi.ru] Soap-based XXE vulnerability /soapserver/
QIWI $100 [qiwi.com] /oauth/confirm.action XSS
QIWI $250 CRLF Injection [ishop.qiwi.com]
QIWI - Code for registration of qiwi account is not coming even after a long interval of time for Indian mobile number
QIWI $200 [send.qiwi.ru] XSS at auth?login=
QIWI $200 [static.qiwi.com] XSS proxy.html