We provide rewards to vulnerability reporters at our discretion. The following are guidelines to indicate typical reward amounts.

Systemic compromise

Examples: remote code execution, SQL injection with significant impact, and vertical authentication bypasses.

Access to other user's private data

Examples: Stored XSS or CSRF with significant impact, Internal SSRF, IDOR with significant impact, and lateral authentication bypasses.

Limited access to other user's private data

Examples: Reflective XSS with impact, CSRF, IDOR, and open redirects with impact.

Configuration issues and other vulnerabilities with limited impact

Examples: Misconfigurations including SPF and SSL, CSRF, and XSS vulnerabilities with limited impact.