Submit a form (link) below with a detailed report. This report should include clear information about security issues and their Impact. Reports without reproducible PoC will be closed as Informative.
Your report should include as much of the following as possible:
Please follow these while submitting the report:
Please make sure to use the User-Agent string xsolla-bugbounty-%your-email-befor@% while testing
Limited usage of automated scanners/tools is allowed with above User-Agent applied and scanners/tools must be configured to not send more than 15 requests per second to any particular service
Please note, use of scanning tools without the User-agent string above may result in your account/IP getting blocked by automated protections. It can take time to reinstate these so please make sure to include it.
Once submitted, we will acknowledge that we have received your report with an automated reply to ask for more info if it is necessary, and will continue our conversation via email when/if applicable.
We will then review the information and work to validate the reported bug. In the event that a true bug is discovered, we will notify you.
By submitting a bug report you agree to comply with the Xsolla Bounty Program Policy, which forbids public or private disclosure of the details of any vulnerability or bug on Xsolla before the 30 days after the bug has been fixed.
By participating in this program, you agree to adhere to the above rules and conditions. All rules must be followed to be eligible for rewards.