We provide rewards to vulnerability reporters at our discretion. The following are guidelines to indicate typical reward amounts.
Examples: remote code execution, SQL injection with significant impact, and vertical authentication bypasses.
Access to other user's private data
Examples: Stored XSS or CSRF with significant impact, Internal SSRF, IDOR with significant impact, and lateral authentication bypasses.
Limited access to other user's private data
Examples: Reflective XSS with impact, CSRF, IDOR, and open redirects with impact.
Configuration issues and other vulnerabilities with limited impact
Examples: Misconfigurations including SPF and SSL, CSRF, and XSS vulnerabilities with limited impact.