Honorable Mentions
Hall of Fame
If you come across any vulnerabilities, please don't hesitate to contact us at security@axya.co. Your vigilance is crucial to our ongoing commitment to maintaining a secure environment.
2025
Omri, who reported a Subdomain Takeover Vulnerability (High Severity): The vulnerability allowed an attacker to hijack an unused domain, potentially leading to phishing and malicious content hosting. This issue has been promptly mitigated.
Harsh Maheta, who reported a Missing X-Frame-Options Header, a Missing Content-Security-Policy (CSP), and Weak Cipher usage on a subdomain: The headers were missing on our main production server. The CSP was correctly configured in preproduction but wasn’t deployed to production. The weak cipher was found on one of our subdomains. These issues, which could expose the platform to clickjacking, content injection, and weakened encryption, were promptly fixed following the report.
2023
Shubham Bothra, who reported an Open Redirect Vulnerability (Low Severity): The vulnerability allows for redirection to external websites, but it has limited impact on the security of the system.
2022
Vipul Sahu, who reported an Exif Data Exposure and Session Fixation (Low Severity): These vulnerabilities, while identified, have minimal potential for security risks, and appropriate measures have been taken to mitigate their impact.
Any questions?
Contact us if you have any questions regarding our platform security or if you suspect you have found any vulnerability in our application.