A researcher earned a $10,000 bounty from Yahoo for a stored cross-site scripting vulnerability in Yahoo Mail.