Most crucial criteria for a qualifying report are:
We're interested in all kinds of bugs, below is a list of main bug types that we are seeking reports for:
The program is limited to the web and mobile versions of the Xsolla website. Our profiles on Facebook, Twitter, Linkedin, Reddit, etc. and our partners’ websites, do not qualify. Qualifying sites include:
By submitting a bug report you agree to comply with the Xsolla Bounty Program Policy, which forbids public or private disclosure of the details of any vulnerability or bug on Xsolla before the 30 days after the bug has been fixed.
By participating in this program, you agree to adhere to the above rules and conditions. All rules must be followed to be eligible for rewards.