The Reachdesk team are always working to improve the security of our products and services.

Have you discovered a security vulnerability? Disclose it to us by emailing us at security [@]

What Vulnerability Information Are We Looking For?

When submitting an issue, please provide a technical description that allows us to assess exploitability and impact of the issue, and include the following where appropriate:

  • Provide steps and any additional information we may need to reproduce the issue.
  • If you are reporting cross-site scripting (XSS), your exploit should at least pop up an alert in the browser. It is much better if the XSS exploit shows the user's authentication cookie.
  • For a cross-site request forgery (CSRF), use a proper CSRF case when a third party causes the logged-in victim to perform an action.
  • For a SQL injection, we want to see the exploit extracting database data, not just producing an error message.
  • HTTP request / response captures or simply packet captures are also very useful to us.

Please refrain from sending us links to non-Reachdesk websites.