Bug bounty

Hello security researcher! Thanks for considering using your time to help us improve our security.

We don't have an official bug bounty program, but we do give rewards for disclosing security vulnerabilities on a case-by-case basis.

Please use https://app.test.makeplans.net for testing. Do NOT use a production account! Please limit use of any automatic vulnerability scanners. Our website is at https://makeplans.com; it is a static website that is separate from our application. While it does contain links to the application, and is therefore part of our threat surface, please do not report any vulnerabilities that are not applicable to static websites.
Report any findings to us.
We respect the time you spend testing our security and will treat you and your findings with respect. But please also respect our time. We receive many requests and demands for bug bounty compensation for issues that are not really a security threat. Such requests often stem from automated tools, and the researcher fails to understand what is reported (hence it not being a security issue).
Note: there are some known issues that we are aware of. We offer ways to customise the booking site and admin module with JavaScript. Hence an admin with access to add JavaScript can use XSS to hijack other users within the same account. There is no way for a non-admin, or for a customer on the booking site, to do this. Also please note that such JavaScript is not executed on sensitive pages such as payment info.

If you have any questions please contact us.
