Report a vulnerability
We want to keep our platform safe for our clients, and you can play a big part in this. If you are an ethical hacker or security researcher, we welcome relevant information about security vulnerabilities in our platform. Depending on the severity of the vulnerability, we may offer a monetary reward of between $100 and $1,250. Here is a breakdown of the rewards we offer:
Category | Example | Reward |
Remote code execution/database access | | $1,250 |
Logic flaw bugs leaking or bypassing significant security controls | | $750 |
Impersonating Easy LMS | | $500 |
Execute code on the browser of another admin or participant | | $250 |
Other valid security vulnerabilities | | $100 |
How to submit a security report
You will need to submit your security report by sending a message to bugbounty@easy-lms.com. Include the following in your message:
- An explanation of the vulnerability backed up with proof, such as screenshots or snippets of code.
- Steps to validate or reproduce the issue.
Our validation process is straightforward from the moment you submit your report:
- Our team of software engineers will review it.
- We will email you to let you know if your report is accepted or rejected.
- If the report is accepted by our team, you will receive payment through PayPal.
Out of scope
Although we appreciate your time and effort, there are reasons why we could reject your contribution, like:
- It is already a known issue for us.
- It is only best practice.
- It is not deemed a vulnerability.
Contact us
For more information or to report a vulnerability, email bugbounty@easy-lms.com. We will respond as soon as possible.