418sec / huntr

Public Roadmap | huntr.dev
https://huntr.dev

Awarded Bounties Should Be Based On Severity + Adding Bounties Table #2185

Closed mdakh404 closed 1 year ago

mdakh404 commented 2 years ago

Hey everyone, I hope you're doing good!

So I'm reporting a CSRF that leads to Account Takeover; I was awarded $5 for it... Is there any change to the bounties policy? And please can you add a bounties table to match it with the CVSS provided? That would be easier for the researcher and the maintainer.

Thanks & Best Regards,

Moaad

adam-nygate commented 2 years ago

Hi @mdakh404 👋

Unfortunately, we can't base the reward on the CVSS provided alone, but we are considering asking the maintainer to confirm/amend the CVSS provided and use that as a basis for scoring. But just so that you are aware, this is unlikely to increase the bounty significantly, as the majority of the bounty value comes from the significance (popularity) of the target project.