The most-rewarded flaw is cross-site scripting (XSS), which is among those that are relatively cheap for organizations to identify. XSS is the most impactful vulnerability and thus the one reaping the highest rewards for ethical hackers in 2020, for a second year running. The more common a vulnerability is, the less ethical hackers are paid and thus the less organizations pay out to locate and mitigate it, researchers noted. In total, organizations paid ethical hackers $23.5 million in bug bounties for all of these flaws this year.
Source: https://threatpost.com/bug-bounty-awards-spike-2020/160719/