Unilever Vulnerability Disclosure Program

At Unilever we meet everyday needs for nutrition, hygiene and personal care with brands that help people feel good, look good and get more out of life.

  • Safe harbor
  • No collaboration
Submit report

Target updated

The following targets have been added and some old URL are updated:
https://www.vaseline.com/au/en/
https://www.equilibra.com/en/
https://rompiendolimites.rexona.com/es-AR/
https://breakinglimits.suredeodorant.co.uk/en-GB/
https://rompiendolimites.rexona.com/es-MX/
https://www.intibiome.com/uk/
https://www.futurolimpo.com.br/
https://www.cleanipedia.com/au/
https://www.cleanipedia.com/gb/
https://lipsync.magnumicecream.com/
https://www.vim.ca/
https://sunsilkgirlgiri.sunsilk.in/onboard/
https://www.getsetclean.in/in/ta/home.html
https://unicornci.unileverservices.com/
https://www.leavefordads.com/
https://www.sharehappy.gr
https://www.biotex.dk/
https://www.fairandlovelyfoundation.com.np
https://www.temizsozluk.com.tr/

Important note- We have been asked by Unilever to discontinue the use of all automated vulnerability scanners on their program. Custom scripts and fuzzing tools are still permitted, but if using them, please keep your traffic to six requests per second or less. Additionally, it’s worth noting that the client already runs automated scans from Acunetix, Zap, Nessus, et al., against the in-scope targets – so using these tools is likely of minimal utility to researchers. As such, please avoid using them unless for targeted, specific testing, and then only at less than six requests per second. Thanks!

Rikash
Rikash