Security Vulnerability Reporting Policy
1. Introduction
At Votivate, we recognize the invaluable contributions of the security research community and the public at large in helping us maintain the highest standards of system security. This policy outlines our guidelines for responsible vulnerability disclosure.
2. Responsible Disclosure Guidelines
When researching and reporting vulnerabilities:
Do not cause harm to our users or systems.
Avoid violating privacy, disrupting our services, or destroying data.
Use only official channels (i.e., the provided web form) for vulnerability reporting.
Provide detailed information, allowing us to reproduce and understand the vulnerability.
Do not disclose the vulnerability to third parties or the public until we've had a chance to address it and mutually agree on the disclosure terms.
3. Legal Considerations
Individuals who discover and report vulnerabilities in accordance with this policy:
Will not face legal action from Votivate for their discoveries.
Must comply with all applicable laws in their respective jurisdictions.
Are expected not to engage in any malicious activity or exploit vulnerabilities beyond the extent necessary to demonstrate them.
4. No Compensation Policy
While we value and appreciate your contributions, Votivate currently does not offer monetary rewards or bounties for vulnerability reports. All reports are considered a voluntary contribution to enhance our system's security.
5. Report Handling
Upon submission:
We commit to acknowledging receipt of your report within a reasonable timeframe.
We will review and validate reports in a timely manner.
We might request additional information to understand or reproduce the issue.
While we aim to address vulnerabilities promptly, the time to resolution can vary based on complexity and severity.
6. Confidentiality
All reports and communications are considered confidential. We won't disclose reporters' personal information to third parties without their permission, except as required by law.
7. Agreement
By submitting a vulnerability report, you acknowledge that you have read and agreed to this policy.