Bug Bounty Submission Template

Reporter Information

Name: [Your Name]
Email: [Your Email]
Handle/Username: [Your Handle]

Vulnerability Overview

Title: [Brief, descriptive title of the vulnerability]
Severity: [Critical/High/Medium/Low]
CVSS Score: [If calculated]
Date Discovered: [MM/DD/YYYY]

Technical Details

Description

[Provide a clear, concise description of the vulnerability. Explain what the issue is and why it's a security concern.]

Affected Components

• URL(s): [List affected endpoints, pages, or features]

• Application version: [If applicable]

• Operating system/platform: [If relevant]

• Browser/client: [If web vulnerability]

Steps to Reproduce

1. [Step 1]

2. [Step 2]

3. [Step 3] [Continue as needed with clear, numbered steps that allow the security team to recreate the issue]

Proof of Concept

[Include any code samples, scripts, or commands used to exploit the vulnerability. If a multi-step process, be explicit about each step.]

[Sample code or payload if applicable]

Impact

[Explain the potential consequences if this vulnerability were to be exploited. Be specific about what an attacker could potentially access or actions they could take.]

Supporting Materials

• [Screenshots (annotated if helpful)]

• [HTTP request/response logs]

• [Video demonstration (link if file too large)]

• [Other relevant files or evidence]

Suggested Mitigation

[If you have recommendations for how to fix the issue, include them here. This is optional but appreciated.]

Additional Notes

[Any other information that might be helpful, including related vulnerabilities, unusual circumstances, or alternative attack vectors.]

Disclosure Timeline

• Date discovered: [MM/DD/YYYY]

• Date reported: [MM/DD/YYYY]

• Additional communications: [List dates of any follow-ups]

I have read and complied with the bug bounty program policies and have conducted all testing in accordance with responsible disclosure practices.