Bug Bounty Hunters Earned Over $4M for XSS Flaws Reported via HackerOne in 2020
In a report published this week, HackerOne reveals that XSS flaws accounted for 18% of all reported issues, and that the bounties companies paid for these bugs went up 26% from last year, reaching $4.2 million.
The second most awarded vulnerability type in 2020, HackerOne says, is Improper Access Control, which saw a 134% increase in occurrence compared to 2019, with a total of $4 million paid by companies in bug bounty rewards.
With $3 million paid by organizations to mitigate them over the past year, Server-Side Request Forgery vulnerabilities ended up in fourth position.
In just one year, organizations paid $23.5 million via HackerOne to those who submitted valid reports for these 10 vulnerability types.
To date, the hacker-sourced platform has paid $107 million in bug bounties, with more than $44.75 million of these rewards being paid within a 12-month period, HackerOne announced in September 2020.