The following issues are considered out of scope:
Comma Separated Values (CSV) injection without demonstrating a vulnerability.
Previously known vulnerable libraries without a working Proof of Concept.
Attacks requiring MITM or physical access to a user's device.
Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions.
Clickjacking on pages with no sensitive actions.

When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug.
DoS and brute-forcing our endpoints are out of scope. Please refrain from using any brute-forcing or dynamic scanning tools that will cause harm to Loom.
Only interact with accounts you own or with explicit permission of the account holder.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
phishing, vishing, smishing) is prohibited.
Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward. Please provide detailed reports with reproducible steps.
Follow HackerOne's disclosure guidelines.
Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party.
The more information you provide, the quicker Loom will be able to validate the issue. Provide as much information as possible about the potential issue you have discovered.

If anyone can suggest something I may have missed please advise. Happy to engage directly on your Support channel but hope this puts my note in context for others.
However, does this mean they should all just work as before or are there things I should watch out for? I have around 20 sites with Formloom3 on them and it would be great if we did not have to worry that if we open them in RW then the forms might break. We don’t seem to have any Formloom 3 pages anymore they all got automatically upgraded. They also now won’t send emails with the settings we used to have in Formloom3. The forms already there that were set up with Formloom 3 should work as normal? Our use-case was, we opened the site in RW to add some content unrelated to Formloom, and then after publishing noticed the forms had changed as advised above. If I have got this wrong please advise, but am I right in thinking that after upgrading to Formloom4, on opening a site and doing some edits (not Formloom related). Formloom 4 also looks very promising my issues aside. I really liked Formloom3 and certainly don’t want others in the community to think I have issues with your support etc. Hence the shout-out to the community to see if I may have missed anything or if perhaps my expectations are misaligned. I have not seen anyone else advising of issues on upgrade so it probably is me. Our form layouts have changed seems it happened in the upgrade process and the style facility is not updating, nor are the forms sending emails (settings remain unaltered from F3). To confirm - after a forced RW reboot etc and publishing a few times the registration issue seems to have gone away on the site I am testing. But not necessarily assuming your software is at fault. I am working on basis that it may well be me that is at issue here. Also I do have a ticket 27161.