Yahoo Mail XSS Bug Worth Another $10K to Researcher Posted on December 10, 2016 by Simon Steed Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.