Responsible Disclosure
Report Security Issue
Use this page to report potential security vulnerabilities affecting ITMart24. Reports should be made responsibly, without exploitation, disruption, or misuse of data.
Responsible disclosure
No exploitation
Evidence required
What to report
- Cross-site scripting, broken access control, authentication flaws, insecure direct object references, or privilege escalation issues.
- Exposure of sensitive data, unintended public access, or material security weaknesses affecting confidentiality, integrity, or availability.
- Other reproducible vulnerabilities that create a meaningful security risk for the platform or its users.
What not to do
- Do not exploit a vulnerability beyond what is reasonably necessary to confirm it exists.
- Do not access, download, modify, delete, or share user data that is not your own.
- Do not disrupt services, perform destructive testing, or use social engineering, spam, or extortion tactics.
Required report details
- A concise summary of the issue and the security impact you observed.
- Step-by-step reproduction details.
- The affected URL, page, endpoint, or feature.
- Screenshots, logs, or other evidence that supports the report.
How to send a report
Send responsible disclosure reports to security@itmart24.com. Please avoid sharing a vulnerability publicly until the issue has been reviewed and addressed.
Security reporting email
Send responsible disclosure reports to security@itmart24.com and include enough detail for the team to reproduce and assess the issue.