Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Cross-site scripting (XSS).
  • Cross-site Request Forgery (CSRF).
  • SQL injection.
  • Remote code execution (RCE).


Eligibility

To be eligible to participate in this bug bounty program, researchers must:

  • Be 18 years of age or older.
  • Not be a current or former employee of Lexzur of Lexzur or any of its affiliates.


Rules

  • Do not access or attempt to access sensitive data.
  • Do not perform any actions that could harm our systems or users.
  • Do not use any vulnerabilities contingent on social engineering, spamming, DDOS attack or other similar types of exploitation.
  • Do not use similar technique that has already been reported and rewarded, subsequent reports of the same nature will not be eligible for additional rewards.
  • 0-day vulnerabilities less than 30/60/90 days from patch release are ineligible for bounty.


Submission Guidelines

  • Provide detailed steps to reproduce the vulnerability.
  • Proof of Concept,  Include Include any supporting evidence, such as screenshots or videos.
  • Include Impact of the issue and how an attacker could exploit the issue.
  • Affected target, feature, or URL.

If your report doesn’t include the necessary information to allow us to reproduce the issue, we may not be able to accept your report or evaluate it for a bounty.


Reporting

Researchers who believe they have discovered a potential vulnerability in Lexzur's systems should report it to our security team via the email address sec@lexzur.com.

If similar vulnerabilities are reported, the payment may be split among those reporters, or it may be awarded to the first person who reported it.

...

Researchers are expected to follow responsible disclosure practices when reporting vulnerabilities. This means that researchers should not publicly disclose the vulnerability or exploit it for any purpose other than to demonstrate its existence to Lexzur's security team.

Lexzur reserves the right to immediately remove you from the Bug Bounty program if you violate any of these terms and conditions as determined by Lexzur. This includes sending any harassing, threatening, or unlawful messages to Lexzur. Any such messages may be reported to relevant law enforcement entities.

...

By participating in this bug bounty program, researchers agree to these terms and conditions. Lexzur reserves the right to modify or terminate this program at any time.


Management And Triage

All incoming reports will be reviewed and triaged by our security team. We will provide timely responses to participants, and will promptly pay out rewards for eligible vulnerabilities.

...

  • Critical vulnerabilities: $100.
  • High severity vulnerabilities: $75.
  • Medium severity vulnerabilities: $50.
  • Low severity vulnerabilities: $30.

The payment processing will initiate once the bug bounty validation has been completed and is expected to take around 30 working days to finalize.

...