Statuspage launched in 2013 to give companies a better way to be more transparent with their customers. We recognize managing a status page outside of one’s own infrastructure can be a hassle, and hope to increase the transparency of the web by making it easier to do so.
Before you begin, please read and understand the Standard Disclosure Terms.
Below is a list of some of the vulnerability classes that we are seeking reports for:
- Server-side Remote Code Execution (RCE)
- Server-Side Request Forgery (SSRF)
- Stored/Reflected Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- SQL Injection (SQLi)
- XML External Entity Attacks (XXE)
- Access Control Vulnerabilities (Insecure Direct Object Reference issues, etc.)
- Path/Directory Traversal Issues
Ensure you review the out of scope and exclusions list for further details.
Please visit https://manage.statuspage.io/security-researcher to identify yourself as a security researcher; this will give you a free account for a month. You'll need to create an account and log in to view this page.
Scope and rewards
| Technical severity | Reward range |
|---|---|
| p1 Critical | Up to: $3,000 |
| p2 Severe | Up to: $900 |
| p3 Moderate | Up to: $300 |
| p4 Low | Up to: $100 |