Report a Security Vulnerability

We confirm that all information provided by the reporter (e.g. identity and

personal information) is treated confidentially

Reporter data

Name*

Phone number*

Email*

Report Title*

A clear and concise title includes the type of vulnerability and the impacted asset.

Vulnerability URL/IP*

Full URL, IP address or Mobile Application Link

Weakness*

Select the type of the potential issue you have discovered. Cant pick just one? Select the best match or submit a separate report for each distinct weakness.

Improper Neutralization of Escape, Meta, or Control Sequences

Cross-site Scripting (XSS) - Stored

Improper Input Validation

Replicating Malicious Code (Virus or Worm)

Incorrectly Specified Destination in a Communication Channel

Wrap-around Error

Improper Following of a Certificates Chain of Trust

Improper Check or Handling of Exceptional Conditions

Cross-Site Request Forgery (CSRF)

Out-of-bounds Read

Inclusion of Functionality from Untrusted Control Sphere

Insecure Direct Object Reference (IDOR)

Improper Neutralization of HTTP Headers for Scripting Syntax

HTTP Request Smuggling

XML Injection

Leftover Debug Code (Backdoor)

Improper Export of Android Application Components

XML Entity Expansion

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Insufficient Session Expiration

Use of Inherently Dangerous Function

Information Disclosure

Resource Injection

Buffer Over-read

Session Fixation

Information Exposure Through an Error Message

Reusing a Nonce, Key Pair in Encryption

Information Exposure Through Sent Data

Uncontrolled Recursion

Cross-site Scripting (XSS) - Reflected

Allocation of Resources Without Limits or Throttling

Improper Authentication - Generic

Use of a Key Past its Expiration Date

Improper Handling of Insufficient Permissions or Privileges

Reliance on Reverse DNS Resolution for a Security-Critical Action

OS Command Injection

Reversible One-Way Hash

Integer Underflow

File and Directory Information Exposure

Server-Side Request Forgery (SSRF)

Buffer Under-read

Insecure Temporary File

Missing Required Cryptographic Step

Trust of System Event Data

Storing Passwords in a Recoverable Format

Business Logic Errors

Type Confusion

Privilege Escalation

Incorrect Comparison

Information Exposure Through Debug Information

User Interface (UI) Misrepresentation of Critical Information

Command Injection - Generic

Privacy Violation

Improper Privilege Management

Array Index Underflow

Execution with Unnecessary Privileges

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Lack of Binary Hardening

XML External Entities (XXE)

Cross-site Scripting (XSS) - Generic

Use of Incorrectly-Resolved Name or Reference

Security Through Obscurity

Use of Externally-Controlled Format String

Use of Hard-coded Password

Insufficiently Protected Credentials

Stack Overflow

Embedded Malicious Code

Cleartext Storage of Sensitive Information

Information Exposure Through Discrepancy

Integer Overflow

Improper Access Control - Generic

Use After Free

Deserialization of Untrusted Data

Path Traversal: .../...//

Improper Handling of URL Encoding (Hex Encoding)

Incomplete Blacklist

Buffer Underflow

NULL Pointer Dereference

Code Injection

Reliance on Untrusted Inputs in a Security Decision

Phishing

Missing Authentication for Critical Function

Information Exposure Through Timing Discrepancy

Weak Password Recovery Mechanism for Forgotten Password

Man-in-the-Middle

Client-Side Enforcement of Server-Side Security

Heap Overflow

Missing Encryption of Sensitive Data

Incorrect Permission Assignment for Critical Resource

Improper Handling of Highly Compressed Data (Data Amplification)

Use of Hard-coded Credentials

Modification of Assumed-Immutable Data (MAID)

Incorrect Authorization

Cross-site Scripting (XSS) - DOM

Incorrect Calculation of Buffer Size

Use of Hard-coded Cryptographic Key

Off-by-one Error

Unprotected Transport of Credentials

Brute Force

Using Components with Known Vulnerabilities

Cryptographic Issues - Generic

SQL Injection

Unrestricted Upload of File with Dangerous Type

Memory Corruption - Generic

Improper Control of Interaction Frequency

Improper Authorization

Forced Browsing

Write-what-where Condition

Use of a Broken or Risky Cryptographic Algorithm

Remote File Inclusion

Insecure Storage of Sensitive Information

Untrusted Search Path

Unverified Password Change

Relative Path Traversal

Denial of Service

Misconfiguration

Reliance on Cookies without Validation and Integrity Checking in a Security Decision

Open Redirect

HTTP Response Splitting

Weak Cryptography for Passwords

Plaintext Storage of a Password

Authentication Bypass Using an Alternate Path or Channel

Password in Configuration File

Violation of Secure Design Principles

Missing Critical Step in Authentication

Malware

Classic Buffer Overflow

Use of Insufficiently Random Values

Inadequate Encryption Strength

Improper Null Termination

Time-of-check Time-of-use (TOCTOU) Race Condition

Improper Neutralization of Special Elements

XSS Using MIME Type Mismatch

LDAP Injection

Insufficient Verification of Data Authenticity

Improper Certificate Validation

Download of Code Without Integrity Check

Missing Authorization

Omission of Security-relevant Information

Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

Double Free

Information Exposure Through Directory Listing

Externally Controlled Reference to a Resource in Another Sphere

Key Exchange without Entity Authentication

External Control of Critical State Data

Cleartext Transmission of Sensitive Information

Exposed Dangerous Method or Function

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

CRLF Injection

UI Redressing (Clickjacking)

Unchecked Error Condition

Path Traversal

Improperlty Implemented Security Check for Standard

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Use of GET Request Method With Sensitive Query Strings

Insertion of Sensitive Information into Log File

Weak Password Requirements

Sensitive Cookie Without 'HttpOnly' Flag

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Observable Response Discrepancy

Use of Unmaintained Third Party Components

Use of Single-factor Authentication

Proof Of Concept

The proof of concept is the most important part of your report submission. Clear, reproducible steps will help us validate this issue as quickly as possible.

Impact*

What security impact could an attacker achieve?

Attachment

Upload your attachments here

Choose or Drag & Drop Files

I hereby confirm that I have read the Terms and Conditions and Privacy and Policy

I hereby agree not to disclose or use any confidential information belonging to the other party for any reason which is not stated in terms and conditions.