Vulnerability Reporting Guidelines

Submit the form below if you have found any potential vulnerability in Salesmate meeting all the below mentioned criteria.
Please refrain from doing security testing in existing customer accounts.
When conducting security testing, make sure not to violate our terms of use or privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade the user experience.
You’re allowed to disclose the discovered vulnerabilities only via the form by documenting any potential In/Out of scope.
Exposing vulnerability to the public is against our responsible disclosure policy.

Exclusions

While researching, we’d like to ask you to refrain from the following list as these issues will be closed as Not Applicable:

Denial of service
Spamming
Unconfirmed reports from automated vulnerability scanners
Disclosure of server or software version numbers
Mobile application issues that can only be exploited on a compromised device.
Open HTML redirects
Arbitrary file upload – CDN
Issues with DNS records such as SPF, DKIM or DMARC
Insufficient Password Policy Implementation
Use of HTTP Strict Transport Security (HSTS)
You must not attempt to gain access to, or interact with, any accounts other than those created by you.
The use of commercial scanners is prohibited (e.g., Nessus).
Social engineering (including phishing) of Salesmate’s staff or contractors
Any physical attempts against Salesmate’s property or data centers

All bugs that are reported are qualified based on their impact on customer’s production data.

We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.

Salesmate will define the severity of the issue based on the impact and the ease of exploit.