Possibly! If someone reports what we feel is both:

  • A serious vulnerability (and not just a low or zero-risk XSS).
  • Something discovered during ROUTINE use of the system as an actual user, not via penetration testing, which would need to be authorized beforehand. If authorized. All testing MUST be performed on our sandbox or testing environments. Please reach out for instructions. 

If you find a bug that meets those two requirements, we will consider sending a reward in exchange for reporting it to our team.

Did this answer your question?