The Reachdesk team are always working to improve the security of our products and services.
Have you discovered a security vulnerability? Disclose it to us by emailing us at security [@] reachdesk.com
What Vulnerability Information Are We Looking For?
When submitting an issue, please provide a technical description that allows us to assess exploitability and impact of the issue, and include the following where appropriate:
- Provide steps and any additional information we may need to reproduce the issue.
- If you are reporting cross-site scripting (XSS), your exploit should at least pop up an alert in the browser. It is much better if the XSS exploit shows the user's authentication cookie.
- For a cross-site request forgery (CSRF), use a proper CSRF case when a third party causes the logged-in victim to perform an action.
- For a SQL injection, we want to see the exploit extracting database data, not just producing an error message.
- HTTP request / response captures or simply packet captures are also very useful to us.
Please refrain from sending us links to non-Reachdesk websites.