Versions Compared

Old Version 3

changes.mady.by.user Edgard Assaf

Saved on

compared with

New Version 4

changes.mady.by.user Edgard Assaf

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following types of vulnerabilities are eligible for rewardswill only be rewarded:

  • Cross-site scripting (XSS)
  • Cross-site Request Forgery (CSRF)
  • SQL injection
  • Remote code execution (RCE)

...

Researchers are expected to follow responsible disclosure practices when reporting vulnerabilities. This means that researchers should not publicly disclose the vulnerability or exploit it for any purpose other than to demonstrate its existence to Lexzur's security team

Lexzur reserves the right to immediately remove you from the Bug Bounty program if you violate any of these terms and conditions as determined by Lexzur. This includes sending any harassing, threatening, or unlawful messages to Lexzur. Any such messages may be reported to relevant law enforcement entities.

To the maximum extent permitted by law, Lexzur and its officers, directors, employees, partners, affiliated companies, subsidiaries, suppliers, distributors, advertising and promotional agencies, agents. shall not be liable for any indirect, incidental, consequential, special, or punitive damages arising out of or in connection with your participation in the Program.

By participating in this bug bounty program, researchers agree to these terms and conditions. Lexzur reserves the right to modify or terminate this program at any time

...

All incoming reports will be reviewed and triaged by our security team. We will provide timely responses to participants, and will promptly pay out rewards for eligible vulnerabilities.

Rewards

Lexzur will offer rewards for eligible vulnerabilities according to the following schedule:

  • Critical vulnerabilities: $100
  • High severity vulnerabilities: $75
  • Medium severity vulnerabilities: $50
  • Low severity vulnerabilities: $30

The payment processing will initiate once the bug bounty validation has been completed and is expected to take around 30 working days to finalize.

Lexzur reserves the right to validate/reject the reported vulnerability with a valid reason or to determine the severity of a vulnerability and the amount of the reward.