
Awarded Bounties Should Be Based On Severity + Adding Bounties Table

Open • mdakh404 opened this issue 3 years ago • 1 comment

Hey everyone, I hope you're doing good!

So I'm reporting a CSRF that leads to Account Takeover, and I was awarded $5 for it... Is there any change in the bounties policy? And please can you add a bounties table to match it with the CVSS provided? That would be easier for the researcher and the maintainer.

Thanks & Best Regards,

Moaad

mdakh404, Dec 21 '21 18:12

Hi @mdakh404 👋

Unfortunately, we can't base the reward on the CVSS provided alone, but we are considering asking the maintainer to confirm/amend the CVSS provided and use that as a basis for scoring. But just so that you are aware, this is unlikely to increase the bounty significantly, as the majority of the bounty value comes from the significance (popularity) of the target project.

adam-nygate, Dec 27 '21 08:12