Web.com

  • Points – $3,000 per vulnerability
  • Up to $5,000 maximum reward
  • Safe harbor

Program stats

  • Vulnerabilities rewarded 641
  • Validation within 7 days 75% of submissions are accepted or rejected within 7 days
  • Average payout $806.52 within the last 3 months

Latest hall of famers

Recently joined this program

Disclosure

Please note: This program or engagement does not allow disclosure. You may not release information about vulnerabilities found in this program or engagement to the public.

Web.com provides many services and products targeted at small and medium sized businesses. This program is set up to target three of our main storefront applications (namely www.web.com, www.register.com, and www.networksolutions.com). Accounts can be provisioned via the public-facing sites by working through the purchase flows.

Rating/Rewards

The program relies on CVSS to evaluate impact and determine reward allocations. It is essential to highlight that the priority of a vulnerability might be altered due to its likelihood or impact.

CVSS Score VRT Classification
9.0-10.0 P1-Critical
7.0-8.9 P2-High
4.0-6.9 P3-Medium
2.0-3.9 P4-Low
0.0-1.9 P5-Informational

We reserve the right to make any final determination of rating levels for any reported vulnerability.

  • Interacting with real customers or real customer accounts is forbidden.
  • When a vulnerability consists of different parameters but having the same endpoint, please group this together in the same report else will be considered as duplicate.
  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty. (Ex: Centralized vulnerable parameters)
  • Cross-Site Scripting (XSS) attacks are considered at maximum a medium severity.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.