Eligible Vulnerabilities

We encourage the coordinated disclosure of the following eligible web application vulnerabilities:

  • Authentication/Authorization
  • Cross-site scripting (XSS)
  • Cryptography
  • Cross-site request forgery (CSRF) in a privileged context
  • HTTP response splitting
  • Injection vulnerabilities
  • Information leakage
  • URL redirector abuse
  • Others, including:

    • Server-side code execution/remote code execution
    • XML attacks
    • Directory traversal
    • Significant security misconfiguration