Xsolla Bounty Program

In Scope

Most crucial criteria for a qualifying report are:

  • Bug is submitted according to Reporting Guidelines (link). Reports that are too vague or unclear are not eligible for a reward.
  • We can reproduce the issue.
  • The issue is new to us, and it hasn’t been submitted by other reporters before.
  • The reported issue is indeed a bug and not a normal system behaviour.

We're interested in all kinds of bugs, below is a list of main bug types that we are seeking reports for:

  • Functionality errors. Something is not working the way it should (according to the logic of the system)
  • Misspelled words, wrong syntax, grammatical errors (that implies localization issues as well)
  • Missing/misleading/confusing information or incorrect context
  • Design defects (objects overlapping, missing elements, etc.)
  • System Vulnerabilities
  • Other

The program is limited to the web and mobile versions of the Xsolla website. Our profiles on Facebook, Twitter, Linkedin, Reddit, etc. and our partners’ websites, do not qualify. Qualifying sites include:

Contact Us

Report Submission

By submitting a bug report you agree to comply with the Xsolla Bounty Program Policy, which forbids public or private disclosure of the details of any vulnerability or bug on Xsolla before the 30 days after the bug has been fixed.

By participating in this program, you agree to adhere to the above rules and conditions. All rules must be followed to be eligible for rewards.

Choose file...

Thank you, your submission has been received

This form is temporarily out of order. We're already working to restore it. Try leaving your request again later or contact us directly at support@xsolla.com.