LiveAgent Bug Bounty Program
LiveAgent aims to keep its service safe for everyone, and data security is of utmost importance. If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us privately and giving us an opportunity to fix it before publishing technical details.
LiveAgent will engage with security researchers when vulnerabilities are reported to us as described here. We will validate, respond, and fix vulnerabilities in support of our commitment to security and privacy. We won’t take legal action against, suspend, or terminate access to the Service of those who discover and report security vulnerabilities responsibly. LiveAgent reserves all of its legal rights in the event of any noncompliance.
Share the details of any suspected vulnerabilities with the LiveAgent Development Team at email@example.com. Please do not publicly disclose these details outside of this process without explicit permission. In reporting any suspected vulnerabilities, please include as much information as possible. If you want to submit multiple reports at once, please submit only one report (the most important if possible) and wait for a response.
We are pleased to offer a bounty for vulnerability information that helps us protect our customers as a thanks to the security researchers who choose to participate in our bug bounty program. The regular bounty reward is $50 per bounty submitted and verified by our dev team.
We will only reward the first reporter of a vulnerability. Any duplicate reports will not be rewarded.
You may only test against a LiveAgent Account for which you are the Account Owner or an Agent authorized by the Account Owner to conduct such testing. For example:
We will reward you for the following types of vulnerabilities:
- Remote Command Execution (RCE)
- SQL Injection
- Broken Authentication
- Broken Session Management
- Access Control Bypass
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Open URL Redirection
- Directory Traversal
Reports of when an attacker can only threaten his own account will not be rewarded with a bounty. XSS caused by an Admin will not be rewarded with a bounty.
Found a security issue?
If you think you have found a security issue or bug..