
Bug Bounty Program

Scope

  • Domains: site.pro (without any subdomains)
  • Registration in bounty program required

Vulnerabilities

  • Unauthorized access to project servers (vulnerabilities that lead to remote code execution, RCE);
  • XSS vulnerabilities on the assets with critical functionality (with proven script execution);
  • Server-side vulnerability with information disclosure (for ex. memory leaks or insecure direct object references) of critical or highly confidential data;
  • Authentication bypass or privilege escalation;
  • Injection vulnerabilities;
  • Any other vulnerability that can lead to loss of user privacy.

Issues considered out of scope:

  • Disclosure of non-sensitive information (for ex. project version) and information that does not present significant risk;
  • Reports of a missing protection mechanism / best current practice (for ex. no CSRF token, framing/clickjacking protection, tabnabbing) without demonstration of real security impact for user or system;
  • Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions;
  • CSRF on self-hosted servers, unless proved to be present on public server;
  • Self-XSS;
  • Attacks requiring MITM or physical access to a user's device;
  • Content spoofing and text injection issues without showing an attack vector;
  • Missing best practices in SSL/TLS configuration or in Content Security Policy;
  • Missing HttpOnly or Secure flags on cookies;
  • Missing email best practices (Invalid, incomplete or missing SPF/DKIM/DMARC records, etc.);
  • Insecure password complexity requirements;
  • Vulnerabilities related to 3rd-party software unless they lead to vulnerability in our scope;
  • Vulnerabilities involving stolen credentials;
  • Phishing and social engineering;
  • Issues that require unlikely user interaction;
  • Publicly disclosed issues.

Program Rules

  • If you think you have found a security vulnerability, please provide us with a detailed report with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  • When duplicates occur, we only award the first report that was received.
  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
  • Social engineering (phishing, etc.) is prohibited.
  • Vulnerability must be original and previously unreported.
  • Do not perform any attack that could harm the reliability or integrity of our services or data.
  • Avoid scanning techniques that are likely to cause degradation of service to our customers (for ex. DoS, spamming).
  • Refrain from stealing and disclosing users' private information.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Amount of Reward

In determining the amount of payout, we will take into account the level of risk and impact of the vulnerability:

  • Critical: 400—500 EUR (server or database direct access / full access to administrative resources);
  • High: 200—300 EUR (possibility to modify any data of other users);
  • Medium: 100—200 EUR (perform actions on other users' behalf / view critical user data like payments or contact details);
  • Low: 10—100 EUR (any other unlikely action from user perspective).

You will receive the funds in your account within 10 working days after providing an invoice.
An invoice must contain the following "Bill to" information:

JSC "Site.pro", Taikos pr. 52C, 91184 Klaipeda, Lithuania
Company code: 304828305
VAT code: LT100011610816
© Site.pro Website Builder. United States, Washington.