Job&Talent Vulnerability disclosure:
This page is for security researchers interested in reporting application security vulnerabilities found in Job&Talent and its platforms. It is intended for application security vulnerabilities only. Job&Talent works collaboratively with researchers and asset owners to address cybersecurity vulnerabilities affecting products, software, systems, and infrastructure.
Typical Vulnerabilities Accepted:
OWASP Top 10 vulnerability categories
Other vulnerabilities with demonstrated impact
Typical Out of Scope:
Low impact session management issues
Theoretical vulnerabilities
Informational disclosure of non-sensitive data
Self XSS (user defined payload)
Vulnerability Disclosure Guidelines:
Provide a detailed description of a proof of concept that shows how to reproduce the vulnerability
Do not engage in disruptive testing like DoS or any action that could impact the confidentiality, integrity or availability of information and systems
Do not engage in social engineering or phishing of customers or employees
Job&Talent does not offer any compensation for vulnerability disclosures at the moment
Necessary Information for the Disclosure:
Title
Affected product/website
Endpoint
Vulnerable part
Part name
Payload
Technical environment (OS, Browser, Tools, Version, etc.)
Details
Optional fields:
Name of the reporter
Email of the reporter