Please review the following guidelines before submitting your report:
DO include technical details about your finding, proof-of-concept URL(s), screenshots and reproducible steps. If the report is not detailed enough to reproduce the issue, triage will be delayed and the issue may not be eligible for a reward.
DO submit one vulnerability per report (unless you need to chain vulnerabilities to provide impact). Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
DO NOT use social engineering (e.g. phishing, vishing, smishing) techniques.
DO NOT test existing merchant’s stores without explicit permission from the owner. Researchers may perform their testing against their own local installations.
DO NOT cause potential or actual denial of service of safefive/Paddox GmbH applications and systems.
DO NOT use an exploit to view data without authorization or cause corruption of data.
DO make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.