Documentation
Bug Bounty
We value the help of security researchers in finding vulnerabilities. If you discover an issue — report it and receive a reward.
The reward amount is discussed individually and depends on the severity of the vulnerability and its impact on system security.
General Terms
  • The program is open to all researchers
  • Only vulnerabilities in the production environment are considered
  • Reward is paid for the first report of a vulnerability
  • Disclosing vulnerability information before it is fixed is prohibited
  • We guarantee a response within 3 days
  • Payments are only possible to accounts in the Russian Federation
Reward Amounts
The payout amount is determined individually with the report author based on the severity of the vulnerability and its impact on system security. The maximum payout amount is 100,000 rubles.
How to Report a Vulnerability
  1. Send a detailed description to support@xsdb.cloud
  2. Include in your report:
    • Description of the vulnerability
    • Steps to reproduce (proof of concept)
    • Impact on the system
    • Possible exploitation scenarios
  3. Wait for confirmation of receipt
  4. We will analyze and inform you about the fix timeline
  5. After the fix, receive your reward
Exclusions
Reward is not paid for:
  • Spam, phishing, social engineering
  • DoS/DDoS attacks
  • Vulnerabilities in third-party services and libraries
  • Issues already known to us or already fixed
  • Self-fixing vulnerabilities without prior agreement
  • Lack of real security impact
  • Results from automatic scanners without exploitation proof
📌 Contact: support@xsdb.cloud