RESPONSIBLE DISCLOSURE POLICY

We believe it is against the spirit of this program to disclose the flaw for purposes other than actually fixing the bug. Regardless of whether a vulnerability is listed as In Scope, or is discovered on eligible websites or other Xsolla websites, participants agree not to disclose or report any identified vulnerabilities by any means other than submitting the form provided in the Rules of Engagement, and further agree not to disclose such vulnerabilities to any third party.

We will do our best to respond to your submission as quickly as possible, and award a bounty when appropriate.

Please do not hack user accounts, corrupt databases, or leak data that might be sensitive. We also discourage testing that degrades the quality of service for our users.

CONTACT US
REPORT SUBMISSION

By submitting a bug report, you agree to comply with the Xsolla Bounty Program Policy, which prohibits both public and private disclosure of any vulnerability or bug details related to Xsolla.

By participating in this program, you agree to adhere to the above rules and conditions. All rules must be followed to be eligible for rewards.

Please make sure to use this User-Agent string for testing:xsolla-bugbounty-%your-email-before@%Learn more...
Average response time : 48 hours for tickets