Report Security Issues

If you’ve found a security vulnerability on 9heritages.com, we encourage you to message us immediately. We’ll review all legitimate vulnerability reports and do our utmost to quickly resolve the matter. Before you report, please review this document, including the fundamentals, bounty program, reward guidelines, and what shouldn’t be reported.

Fundamentals

If you follow the principles below when reporting a security issue to 9heritages.com, we’ll not initiate a lawsuit or enforcement investigation against you in response to your report.

We ask that:

1. You give us reasonable time to review and repair an issue you report before making public any information about the report or sharing such information with others.

2. You don’t interact with a private account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions.

3. You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.

4. You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, like attempted compromise of sensitive company data or trying to find additional issues.)

5. You do not violate any other applicable laws or regulations.

BOUNTY PROGRAM

We recognize and reward security researchers who help us keep people safe by reporting vulnerabilities in our services. Monetary bounties for such reports are entirely at 9heritages.com’s discretion, based on risk, impact, and other factors. To potentially qualify for a bounty, you first need to meet the following requirements:

1. Adhere to our fundamentals (see above).

2. Report a security bug: that is, identify a vulnerability in our services or infrastructure which creates a security or privacy risk. (Note that 9heritages.com ultimately determines the risk of an issue, and that many bugs aren’t security issues.)

3. Submit your report via our security center. Please don’t contact employees.

4. If you inadvertently cause a privacy violation or disruption (such as accessing account data, service configurations, or other confidential information) while investigating an issue, disclose this in your report.

5. We investigate and answer all valid reports. Because of the number of reports we receive, though, we prioritize evaluations based on risk and other factors, and it’s going to take some time before you receive a reply.

6. We reserve the right to publish reports.

REWARDS

Our rewards are based on the impact of a vulnerability. We’ll update the program over time based on feedback, so please give us feedback on any part of the program you think we can improve on.

1. Please provide detailed reports with reproducible steps. If the report isn’t detailed enough to reproduce the issue, the issue won’t be eligible for bounty.

2. When duplicates occur, we award the first report that we can completely reproduce.

3. Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.

4. We determine bounty reward based on a variety of factors, including (but not limited to) impact, ease of exploitation, and quality of the report. We specifically note the bounty rewards; these are listed below.

5. Amounts below are the maximum we’ll pay per level. We aim to be fair; all reward amounts are at our discretion.

Critical severity Vulnerabilities ($200): Vulnerabilities that cause a privilege escalation on the platform from unprivileged to admin, allow remote code execution, financial theft, etc.

Examples:

· Remote Code Execution
· Remote Shell/Command Execution
· Vertical Authentication bypass
· SQL Injection that leaks targeted data
· Get full access to accounts

High severity Vulnerabilities ($100): Vulnerabilities that affect the security of the platform including the processes it supports.

Examples:

· Lateral authentication bypass
· Disclosure of important information within the company
· Stored XSS for another user
· Local file inclusion
· Insecure handling of authentication cookies

Medium severity Vulnerabilities ($50): Vulnerabilities that affect multiple users, and require little or no user interaction to trigger.

Examples:

· Common logic design flaws and business process defects
· Insecure Direct Object References

Low severity Vulnerabilities: Issues that affect singular users and require interaction or significant prerequisites (MITM) to trigger.

Examples:

· Open redirect
· Reflective XSS
· Low sensitivity Information leaks

Customer contact 24/7
Phone : +1234567890
Mail : [email protected]
Address : 7158 Tannehill Dr, Pensacola, FL, 32526, United States