
Bug Bounty Program

Please check out our hall of fame.

At UXCam, the security of our systems and our customers’ data is our top priority. However carefully we build and operate our systems, vulnerabilities can still exist.

If you have found a vulnerability in our systems, please report it to us with a detailed proof of concept so that we can address it as quickly as possible.

Submit your report via our Security Vulnerability Portal.

Reporting Structure

So that we can understand your finding and its impact on our organization, please make sure your report follows this structure:

  • Submit only one issue per report

  • What is the security issue? Summarize it.

  • How it is exploited: a detailed, step-by-step procedure for reproducing the vulnerability, a description of its impact, screenshots or a video recording as proof of concept, and a CVSSv3 score.

In Scope

  • app-staging.uxcam.com

  • uxcam.com

  • dashboardapi-staging.uxcam.com

  • visualization-staging.uxcam.com

  • api-staging.uxcam.com

In Scope Vulnerabilities:

  • Remote code execution (RCE)

  • Injection vulnerabilities

  • File inclusions

  • Access Control Issues (IDOR, Privilege Escalation, etc)

  • Leakage of sensitive information

  • Server-Side Request Forgery (SSRF)

  • Cross-Site Request Forgery (CSRF)

  • Cross-Site Scripting (XSS)

  • Other vulnerability with a clear impact

Out of scope vulnerabilities:

  • Certificate/TLS/SSL-related issues

  • DNS issues (e.g. MX, SPF or DMARC records)

  • Server configuration issues (e.g. open ports, TLS settings)

  • User account enumeration

  • Clickjacking/tapjacking, and issues only exploitable through clickjacking/tapjacking

  • Descriptive error messages (e.g. Stack Traces, application or server errors)

  • Login & Logout CSRF

  • Username/email enumeration via Login/Forgot Password Page error messages

  • Host header issues without a proof of concept demonstrating the vulnerability

  • Spam (SMS, email, etc)

  • Denial of service (DoS/DDoS)

  • Theoretical issues

  • Files without sensitive information

  • Missing HTTP security headers

Rules for you

  • Do not attempt to access another user’s account or data. For cross-account testing, use only test accounts that you own.

  • Do not perform any attack that could harm the integrity or availability of our services or data. DDoS (Distributed Denial of Service) and spam attacks are not allowed.

  • Test only sites that you know are operated by UXCam.

  • Your testing must not affect other users; this includes testing against accounts you do not own.

  • Do not use scanners or automated tools to find vulnerabilities. These tools are noisy, and we may ban your IP address.

  • Social engineering and phishing attacks against our employees or users are not permitted.

  • Do not disclose the vulnerability publicly.

  • If in doubt, email us; we are happy to clarify the conditions for you.

Rules for us

  • We will respond within 5 business days with our evaluation of your report and the expected resolution date.

  • We will keep you updated as we fix the bug you submitted.

  • We will not take any legal action against you if you play by the rules.

Eligibility for a bounty and the reward amount are decided solely by UXCam. This bug bounty program exists entirely at our discretion and may be cancelled or modified at any time. Any modification we make to the program’s terms does not apply retroactively. Thank you for helping us make UXCam more secure.

Rewards

Rewards are based on the severity of the vulnerability and the completeness of the report, and are offered at our sole discretion. We will also list the reporter’s name on our hall of fame page.

  • Minimum reward: $50

  • Maximum reward: $1000

© 2021 UXCam. All rights reserved.