2 matches found
GSA Bounty: Link poisoning on https://secure.login.gov/ login page
This link leads to the genuine secure.login.gov login page, in French: https://secure.login.gov/fr?host=portswigger.net However, if you try to change the language to English using the bar at the bottom, you'll end up on an external website of my choice. As users won't expect changing their language t...
GSA Bounty: CSRF to change Account Security Keys on secure.login.gov
This may not be in scope nor be eligible for bounty, but I read this in your vulnerability disclosure policy: While not all of our services are in scope for our Bug Bounty program, we do welcome disclosures of vulnerabilities through our Vulnerability Disclosure Policy. We would encourage you ...