Unfortunately, as a small company Westbury Digital isn't in a position to provide financial renumeration for locating bugs and security vulnerabilities though I would like to. However, we do welcome responsible disclosure of these bugs and value the work that is put into finding them.
I understand that it's perhaps not much but we do offer notoriety, a place to display what you have found. Any bugs located on any of my sites I will list your name/handle here with the vunrability you have located and its potential impact.
| Estimated CVSS | Name/Handle | Vulnerability | Potential |
|---|---|---|---|
| 6.1 [CVE-2019-11358] | Nilesh Agrawal Koyo | Prototype Pollution Attack | Crash Online Store |
| 5.0 [CVE-2021-35237] | Sakshi Patil | Clickjacking | Highjack users intended clicked links |
| 3.5.0 [CVE-2022-38796] | Alan Jose | Host Header Injection | Serverside misdirection if incorrectly referenced |
| 3.5 [CWE 1321] | Devansh Chauhan | Prototype Pollution | Out of date and potentially vulnerable jquery package |
| 1.5 [CWE NA] | Vijay Sutar | Subdomain SPF | Subdomain SPF records for email unhandled. |
| 1.5 [CWE NA] | Vaibhav jain | Missing MTA-STS record. | Exposed to man in the middle attack |
Whats CVSS? It's an open industry standard for assessing the severity of computer system security vulnerabilities between 1 and 10.
Please use the email below to outline what you have found.
Send Email.
Please remember to include;