How to Submit a Security Issue to Reachdesk

The Reachdesk team are always working to improve the security of our products and services. 

Have you discovered a security vulnerability? Disclose it to us by emailing us at security [@] reachdesk.com

What Vulnerability Information Are We Looking For?


When submitting an issue, please provide a technical description that allows us to assess exploitability and impact of the issue, and include the following where appropriate:

  • Provide steps and any additional information we may need to reproduce the issue.

  • If you are reporting cross-site scripting (XSS), your exploit should at least pop up an alert in the browser. It is much better if the XSS exploit shows the user's authentication cookie.

  • For a cross-site request forgery (CSRF), use a proper CSRF case when a third party causes the logged-in victim to perform an action.

  • For a SQL injection, we want to see the exploit extracting database data, not just producing an error message.

  • HTTP request / response captures or simply packet captures are also very useful to us.

 

Please refrain from sending us links to non-Reachdesk websites.