A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.