For a few programs that do not have program briefs, you can report the vulnerabilities through an email. The customer will provide you with an email address to send the submission to. You must include information such as:
- Summary that provides an idea of what this vulnerability is about.
- Target
- Technical severity based on the Vulnerability Rating Taxonomy
- URL (location of the vulnerability, this is optional)
- Description and impact of the vulnerability including proof of concept and replication steps
- Screenshots or videos
You will receive notification emails from Bugcrowd that informs you about the submission changes until you claim your submission. For more information, see receiving email notifications.
You can claim your submission to receive the reward for the submitted vulnerability. For more information, see claiming your submission.
