Public Rockstar Games bug reports.

Team Bounty Title
Rockstar Games $500 dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass)
Rockstar Games $500 dom based xss in https://www.rockstargames.com/GTAOnline/
Rockstar Games $600 CSRF Vulnerability allows attackers to steal SocialClub private token.
Rockstar Games $500 Reflected XSS via Double Encoding
Rockstar Games $1,000 XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js
Rockstar Games $500 flash injection in http://www.rockstargames.com/IV/imgPlayer/imageEmbed.swf
Rockstar Games $250 Control characters incorrectly handled on Crew Status Update
Rockstar Games $1,000 Stored XSS in profile activity feed messages
Rockstar Games $1,000 Stored XSS in snapmatic comments
Rockstar Games $350 Profile bio at rockstar is accepting control characters
Rockstar Games $350 Login form on non-HTTPS page
Rockstar Games $150 Source Code Disclosure (CGI)
Rockstar Games $350 Control Character Injection In Messages
Rockstar Games $300 use of unsafe host header leads to open redirect
Rockstar Games $150 Full path Disclosure in Rockstargames.com/img/global/
Rockstar Games $150 SSLv3 POODLE Vulnerability
Rockstar Games $1,400 <- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information ->
Rockstar Games $650 [IMP] - Blind XSS in the admin panel for reviewing comments
Rockstar Games $500 Ability to post comments to a crew even after getting kicked out
Rockstar Games $500 DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
Rockstar Games $500 Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire
Rockstar Games $750 CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php'