Xsolla Bounty Program

Out-of-Scope

  • Security Best Practices, e.g. Security Headers
  • Social Engineering, Phishing
  • Physical Attacks
  • Missing Cookie Flags
  • CSRF with minimal impact, e.g. Login CSRF, Logout CSRF
  • Content Spoofing
  • Stack Traces, Path Disclosure, Directory Listings
  • SSL/TLS best practices
  • Banner Grabbing
  • CSV Injection
  • Reflected File Download
  • Reports on out-of-date browsers
  • DoS/DDoS (including no Rate Limits and file size restrictions)
  • Host header Injection without a demonstrable impact
  • Scanner Outputs
  • Vulnerabilities on Third Party Products
  • User Enumeration
  • Password Complexity
  • HTTP Trace Method
  • Issues found in third party software used by Xsolla

Reports on:

  • A payment being declined or not going through.
  • A refund that hasn’t been approved, or funds haven't reached your account yet.
  • The payment system you’d like to use is temporarily unavailable or not available for your region/mobile carrier.
  • You have not received the purchase or the bonus associated with it.
  • Issues related to scheduled or unscheduled downtimes, connection issues, etc.
  • Flaws found on our profiles on Facebook, Twitter, LinkedIn, Reddit, etc. and our partners’ websites.

For these and other payment-related issues, please contact our 24/7 Customer Service team at help.xsolla.com.

Report Submission

By submitting a bug report, you agree to comply with the Xsolla Bounty Program Policy, which forbids public or private disclosure of the details of any vulnerability or bug on Xsolla until 30 days after the bug has been fixed.

By participating in this program, you agree to adhere to the above rules and conditions. All rules must be followed to be eligible for rewards.