Vulnerability classifications

Below are some of the vulnerability types we use to classify submissions made to the Bounty program.

• Broken Authentication or Session Management
• Cross-Site Request Forgery (CSRF)
• Cross-Site Scripting (XSS)
• Injection
• Insecure Direct Object Reference
• Missing Function Level Access Control
• Security Misconfiguration
• Sensitive Data Exposure
• Unvalidated Redirect or Forward
• Using Components with Known Vulnerabilities
• Other