Sensitive data exposure
XML External Entities (XXE)
Broken Access Control
Cross Site Scripting (XSS)
Explanation of vulnerability
Short explanation about the vulnerability and why this is a risk
Step-by-step explanation of the vulnerability
Explain step by step how the vulnerability can be validated. If possible, add screenshots to substantiate it. If you have PGP encryption options, send a PGP encrypted message. Please use the PGP NCSC year key: https://www.ncsc.nl/contact/pgp-key
Don't forget to include your own Public PGP key in the field PGP key so that we can reply with PGP encrypted messages.
Explain why the vulnerability found is worth reporting.
Domain or IP address to which the vulnerability relates.
Specify the ip address or hostname which is vulnerable.
Public PGP key
If you have PGP encryption options, send a PGP encrypted message. Please use the PGP NCSC year key: https://www.ncsc.nl/contact/pgp-key
Don't forget to include your own Public PGP key in the field "Public PGP key" so we can send you PGP encrypted messages.
Information about the processing of your personal data
Providing your name and address information is optional.
If you wish to be eligible for a reward, we need your name and address to send you the reward.
Your data will not be shared with third parties and will be saved until the report has been processed.
Please follow the international address standard when you write down your address (http://www.upu.int/en/activities/addressing/postal-addressing-systems-in-member-countries.html).
Why is this data required?
We will use your data, having obtained your permission, because we cannot send you a reward otherwise.
How does your data get processed?
We will use your data to contact you and to send you a reward if you are eligible for one. Your personal data will be handled by our own employees. We will not share your personal data with others.
How long do we keep your data?
After we have processed your report and sent you a reward, if you are eligible for one, your personal data will be destroyed.
What are your rights?
You can find more information about your rights on the 'Privacy' page.