Security is one of PrestaShop’s core values. We believe that working with
skilled security researchers across the globe is crucial in identifying
weaknesses in any technology. If you believe you've found a security issue in
our products or services, we encourage you to notify us. This Policy sets out
the rules under which we expect the research and reporting of vulnerabilities
to be conducted, as well as what you can expect from us in return.
If you have discovered a security vulnerability in our program, we appreciate
your help in disclosing it to us in a responsible manner.
PrestaShop is an immensely feature-rich, open source e-commerce solution which
you can use to run stores in the cloud or via self-hosting. It's currently
used by hundreds of thousands of shops worldwide and is available in 75
different languages.
Our software is open source and is available on
GitHub.
Vulnerabilities reported on other services or applications owned by PrestaShop
are currently not eligible for monetary reward and will be handled as a
responsible disclosure. As they come into scope, they will be added to this
section.
This program targets Prestashop's core and Prestashop's proprietary modules:
in-scope modules are those listed
here
with prefix prestashop/*
Testings shall be conducted on the latest version available ; we will provide and maintain a changelog.txt on the program to keep you updated.
We intend to respond and resolve reported issues as quickly as possible, depending on our workload and the severity of the issue. Please provide a reasonable amount of time to fix the issue and release patched version before any disclosure to the public.)
Scope Type | Scope Name |
---|---|
web_application | https://github.com/PrestaShop/PrestaShop |
Scope Type | Scope Name |
---|---|
undefined | Any asset, module or domain not listed in the scope |
This program crawled on the 2020-07-23 is sorted as bounty.
FireBounty © 2015-2021