Web.com
- Points – $3,000 per vulnerability
- Up to $5,000 maximum reward
Web.com provides many services and products targeted at small and medium sized businesses. This program is set up to target three of our main storefront applications (namely www.web.com, www.register.com, and www.networksolutions.com). Accounts can be provisioned via the public-facing sites by working through the purchase flows.
Rating/Rewards
The program relies on CVSS to evaluate impact and determine reward allocations. It is essential to highlight that the priority of a vulnerability might be altered due to its likelihood or impact.
| CVSS Score | VRT Classification |
|---|---|
| 9.0-10.0 | P1-Critical |
| 7.0-8.9 | P2-High |
| 4.0-6.9 | P3-Medium |
| 2.0-3.9 | P4-Low |
| 0.0-1.9 | P5-Informational |
We reserve the right to make any final determination of rating levels for any reported vulnerability.
- Interacting with real customers or real customer accounts is forbidden.
- When a vulnerability consists of different parameters but having the same endpoint, please group this together in the same report else will be considered as duplicate.
- Multiple vulnerabilities caused by one underlying issue will be awarded one bounty. (Ex: Centralized vulnerable parameters)
- Cross-Site Scripting (XSS) attacks are considered at maximum a medium severity.
Scope and rewards
Program rules
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.