Security Researchers

Eligible Vulnerabilities

We encourage the coordinated disclosure of the following eligible web application vulnerabilities:

Authentication/Authorization
Cross-site scripting (XSS)
Cryptography
Cross-site request forgery (CSRF) in a privileged context
HTTP response splitting
Injection vulnerabilities
Information leakage
URL redirector abuse

Others, Including:

• Server-side code execution/remote code execution
• XML attacks
• Directory traversal
• Significant security misconfiguration