Bug Bounty Program

Scope

• Cross-site scripting (XSS) vulnerabilities
• Authentication or authorization flaws
• Data exposure or leakage issues
• API security vulnerabilities
• Server-side request forgery (SSRF)

Out of Scope

• Denial of service (DoS) attacks
• Social engineering
• Physical access attacks
• Issues in third-party services

How to Report

Send detailed vulnerability reports to [email protected] with steps to reproduce, impact assessment, and any proof-of-concept code.