XSS vulnerabilities accounted for 18% of all flaws reported by bug hunters, these issues received a total of $4.2 million in bounties paid by companies (+26% from last year) XSS issues received an average of just $501 per issue. Improper Access Control follows XSS in the list of most awarded vulnerability type in 2020, experts observed an increase of 134% in occurrence compared to 2019. SSRF (Server Side Request Forgery) flaws are the third place there are SSRF flaws, experts pointed out that the advent of cloud architecture has rendered these vulnerabilities increasingly critical.”]
Source: https://securityaffairs.co/wordpress/110223/reports/xss-top-bug-bounty.html