Our promise to you

• We are happy to respond to any questions, please use the button in the right top corner for this.
• We respect the safe harbour clause that you can find below

Your promise to us

• Provide detailed but to-the point reproduction steps
• Include a clear attack scenario. How will this affect us exactly?
• Remember: quality over quantity!
• Please do not discuss or post vulnerabilities without our consent (including PoC's on YouTube and Vimeo)
• Please do not use automatic scanners -be creative and do it yourself! We cannot accept any submissions found by using automatic scanners. Scanners also won't improve your skills, and can cause a high server load (we'd like to put our time in thanking researchers rather than blocking their IP's 😉)

Exceptional

• RCE (Remote Code Execution)

Critical

• Access to all customer personal data
• SQL injection

High

• Stored XSS without user interaction
• Privilege escalation
• Authentication bypass on critical infrastructure

Medium

• XSS
• CSRF with a significant impact

Low

• XSS that requires lots of user interaction ( > 3 steps)
• CSRF with a very limited impact

Where can we get credentials for the app?

You can self-register on the application but please don’t forget to use your @intigriti.me address.