Xsolla Bounty Program

In Scope

Most crucial criteria for a qualifying report are:

• Bug is submitted according to Reporting Guidelines (link). Reports that are too vague or unclear are not eligible for a reward.
• We can reproduce the issue.
• The issue is new to us, and it hasn’t been submitted by other reporters before.
• The reported issue is indeed a bug and not a normal system behaviour.
  

We're interested in all kinds of bugs, below is a list of main bug types that we are seeking reports for:

• Functionality errors. Something is not working the way it should (according to the logic of the system)
• Misspelled words, wrong syntax, grammatical errors (that implies localization issues as well)
• Missing/misleading/confusing information or incorrect context
• Design defects (objects overlapping, missing elements, etc.)
  
• System Vulnerabilities
  
• Other
  

The program is limited to the web and mobile versions of the Xsolla website. Our profiles on Facebook, Twitter, Linkedin, Reddit, etc. and our partners’ websites, do not qualify. Qualifying sites include:

• xsolla.com
• help.xsolla.com and h.xsolla.com
• secure.xsolla.com/…- this page will rarely be seen by you as the link to the payment page is mostly in the iframe. To get there, please right click on the mouse, choose the option 'View frame source,' then in a new window, you will see the link that you will be able to copy.
• publisher.xsolla.com
  
• developers.xsolla.com