Xsolla
EN

Xsolla Bounty Program

In Scope

The program is limited to the web and mobile versions of the Xsolla website. Our profiles on Facebook, Twitter, LinkedIn, Reddit, etc. and our partners’ websites, do not qualify.

Eligible for bounty:
*.xsolla.com
babka.com
80.lv

Eligible Vulnerabilities

 
Vulnerability
Severity Range
1
Remote Code Execution
Critical
2
SQL Injection
High - Critical
3
XXE
High - Critical
4
Stored XSS
Medium - High
5
Server-Side Request Forgery
High - Critical
6
Directory Traversal - Local File Inclusion
High
7
Authentication/Authorization Bypass (Broken Access Control)
Medium - High
8
Privilege Escalation
Medium - High
9
Insecure Direct Object Reference
Medium - High
10
Reflected Cross Site Scripting
Medium
11
Misconfiguration
Low - High
12
Web Cache Deception
Low - Medium
13
CORS Misconfiguration
Low - Medium
14
CRLF Injection
Low - Medium
15
Cross Site Request Forgery
Low - Medium
16
Open Redirect
Low - Medium
17
Information Disclosure
Low - Medium

Non-eligible Vulnerabilities

 
Vulnerability
1
Clickjacking
2
Self XSS
3
Email Spoofing - SPF Records Misconfiguration
rules
Rewards →
In Scope →
Out of Scope →
Rules of Engagement →
Payments →
Our Commitment →
Responsible Disclosure Policy →
I can’t make a payment
You charged me, but i didn’t get my purchase
I have a problem with the purchase
I made a payment and need a refund
I see charges for Xsolla that I don’t recognize
I need a receipt for my payment
I ordered a physical product
I made a payment for a pre-order
Babka
Xsolla Bounty Program
Contact Us

Report Submission

By submitting a bug report you agree to comply with the Xsolla Bounty Program Policy, which forbids public or private disclosure of the details of any vulnerability or bug on Xsolla before the 30 days after the bug has been fixed.

By participating in this program, you agree to adhere to the above rules and conditions. All rules must be followed to be eligible for rewards.

Choose file...

Thank you, your submission has been received

Another bug report
This form is temporarily out of order. We’re already working to restore it. Try leaving your request again later or contact us directly at support@xsolla.com.
Xsolla (USA), Inc., Video Game Services, Sherman Oaks, CA
Privacy Policy
 End User License Agreement
 Legal Agreements
© 2006 — 2021 Xsolla (USA), Inc.