Public Square bug reports.

Team Bounty Title
Square - Invitation threshold
Square - Redirecting a victim elsewhere through shopseen 0auth
Square - HTTP Header revealing server information.
Square $500 Delayed, fraudulent transactions possible with encrypted Square Reader devices due to lack of server-side verification of device transaction counter
Square $250 CSRF on adding a calendar event
Square $500 square google calendar integration CSRF, parameter not checking properly)
Square $500 CSRF on adding clients
Square $250 Privilege Escalation
Square $250 Redirect while opening link in new tabs
Square $2,000 malicious file upload
Square $400 Reflected XSS in widget script thru cookie
Square $1,000 Reflected XSS in
Square $750 Editing Client Details of other People
Square - XSS on bookfresh
Square $2,000 CRITICAL Account takeover via AngularJS template injection in
Square $500 XSS in Client Past Activity
Square $250 Open Redirect [FreshBook]
Square $500 XSS [BookFresh]
Square - CSRF login
Square $1,500 Blind SQL injection in