Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,100,320 coordinated disclosures
670,305 fixed vulnerabilities
1,437 bug bounty programs, 2,861 websites
25,192 researchers, 1,375 honor badges

JSPuzzles Bug Bounty Program

JSPuzzles runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of JSPuzzles

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between JSPuzzles and researchers.

Bug bounty program allow private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:

jspuzzles.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

Testing Requirements:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

Possible Awards:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

Sameull     8 October, 2021
    Sameull:
Could you please share your email where I can report the business logic issue? Thank you

  Latest Patched

 19.10.2021 ulakbim.gov.tr
 19.10.2021 societe.com
 19.10.2021 tga.gov.au
 19.10.2021 mydomain.com
 19.10.2021 ipower.com
 19.10.2021 picuki.com
 19.10.2021 filmdaily.co
 19.10.2021 fileforum.com

  Latest Blog Posts

08.10.2021 by NNeuchi
How I Found My First Bug Reflected Xss On PIA.GOV.PH(Philippine Information Agency)
26.08.2021 by PyaePhyoThu98
eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution (CVE-2020-8591)
14.07.2021 by Open Bug Bounty
Interview With Open Bug Bounty
25.05.2021 by 0xrocky
Google XSS Game
25.05.2021 by ShivanshMalik12
Testing for XSS (Cross Site Scripting)

  Recent Recommendations

@LangweileDich     20 October, 2021
    Twitter LangweileDich:
Thanks to Chiraq for informing me about data that was publicy accessible and how to fix it.
@sammy2000m     20 October, 2021
    Twitter sammy2000m:
Thanks to mistry4592
our team would like to thank you for finding vulnerability on our website.
@xnih     18 October, 2021
    Twitter xnih:
Thanks to mistry4592 for his report and extra feedback on the issue. He was quick to provide us a link to reproduce the issue when asked!
@AlexisMousset     18 October, 2021
    Twitter AlexisMousset:
Pramod has reported a potential vulnerability on our website.

Thank you!
@LangweileDich     15 October, 2021
    Twitter LangweileDich:
Thanks for letting me know of an abandoned file that needed to be deleted.