Took a look at DHL Market. Some rather obvious bugs in their website. Details here:
https://gist.github.com/anonymous/f38115e9e8318fda2f89961503f31777
Hilarity when I report the bug to support and it triggered another XSS vuln there.
Some of their req parameters seem very iffy and it wouldn't surprise me to find a lot more there - but I don't have time to dig deep at the moment (and would have to break out the captcha solver)
Word, Thank you /u/t0mcheck you are a highly valued assest to this community.
I hope you are being compensated for the bug bounty.