The official Telekom Bug Bounty Program announced since december 2013 that in 2014 the vulnerability scope guidlines became a persistent upgrade.
A lot of unauthorized individuals have submitted a lot of client-side cross site scripting vulnerabilities by usage of public security scanners software/scripts.
The reports overflowed the telekom program and as consequence a major update to change came up by exclude of several "small" attacks vectors.
They do not block to receive client-side cross site issues because they also need to patch them but the main scope has been changed to major security issues in 2014.
The german telekom decided to disallow to reward the following categories of bugs:
Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020
Facebook Security - 12.500$ Bug Bounty reward to Security Researcher
Bug Bounty Program Award Winners 2014 - Exclusive Interview by Microsoft & PayPal
Shopify | Buy Button | Persistent Embed POST Inject Vulnerability