responsible disclosure / bug bounty


Unfortunately

Unfortunately, as a small company, Westbury Digital isn't in a position to provide financial remuneration for locating bugs and security vulnerabilities, though I would like to. However, we do welcome responsible disclosure of these bugs and value the work that is put into finding them.


What we do offer.

I understand that it's perhaps not much, but we do offer notoriety: a place to display what you have found. For any bugs located on any of my sites, I will list your name/handle here with the vulnerability you have located and its potential impact.


Estimated CVSS Name/Handle Vulnerability Potential
6.1 [CVE-2019-11358] Nilesh Agrawal Koyo Prototype Pollution Attack Crash Online Store
5.0 [CVE-2021-35237] Sakshi Patil Clickjacking Hijack users' intended clicked links
3.5.0 [CVE-2022-38796] Alan Jose Host Header Injection Server-side misdirection if incorrectly referenced
3.5 [CWE 1321] Devansh Chauhan Prototype Pollution Out of date and potentially vulnerable jQuery package
1.5 [CWE NA] Vijay Sutar Subdomain SPF Subdomain SPF records for email unhandled.

What's CVSS? It's an open industry standard for assessing the severity of computer system security vulnerabilities, scored between 1 and 10.


Disclose Here

Please use the email below to outline what you have found. Send Email.

Please remember to include;