Bug Bounties

Vanilla

Powered by: 

Allows bounty splitting: 

Average time to first program response: 267

Average time to bounty awarded null: 0

Average time to report resolved: 121

Handle vanilla

Managed program: false

Name: Vanilla

Offers bounties: true

Offers swag: true

Response efficiency percentage: 67

Submission state: open

Url: https://hackerone.com/vanilla

Website: http://vanillaforums.com

In scope:

  • Asset identifier: *.vanillacommunities.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This domain contains customer sites and may be used for validation, but it is not intended or desired that direct exploitation is conducted here. *.vanillastaging.com is a better place for this.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.vanillacommunity.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This domain contains customer sites and may be used for validation, but it is not intended or desired that direct exploitation is conducted here. *.vanillastaging.com is a better place for this.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.vanilladevelopment.com
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This domain contains development instances and is a good place to perform testing and to search for exploits.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.vanillaforums.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See specific subdomain exclusions for third-party hosted assets.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.vanillastaging.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This domain contains staging instances and is a good place to perform testing and to search for exploits.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://github.com/vanilla/addons
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/vanilla/community
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/vanilla/vanilla/
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical