We have identified a number of issues with multiple Pictela domains thanks to the work and detail in your reports. While we work with the product team to build fixes for these issues, we will be imposing a limit on the scope of Pictela. These issues all stem from either the same root cause, or related individual causes. Any new reports for these vulnerabilities will be triaged by HackerOne as a Duplicate if the domain is in the list below.
Known Vulnerabilities: XSS, SSRF, XXE and RCE
We are interested in finding out about any new domains that have the same issues, but we are not opening up full payment for them. For the first report of any of these vulnerabilities against a new domain, the award will be a flat $2,000 for identifying another domain/subdomain.