Security report guidelines:
- Please provide the information on how the vulnerability you've discovered might be used both theoretically and practically, what its impact is, and all the pertinent details.
- Please provide the exact steps on how the vulnerability can be exploited and how we can reproduce the issue ourselves. We'd love to see the demonstration of the attack which will not affect our existing users. You may create as many test user accounts as you need.
- Please submit the bug report via our support channels (email or web site widget) but only after you've verified that it indeed works.
- Use whatever language you prefer if you don't feel comfortable writing in English.
Hall of fame
- 2017-07-04 Jens Mueller (@jensvoid) responsibly reported a CORS misconfiguration vulnerability and earned a reward of ~$240.