Certain vulnerabilities are considered out of scope and are not eligible for rewards. These include:
- Vulnerabilities in PerimeterX, issues related to removing preview banners or blurs, and self-XSS.
- Vulnerabilities with minimal or no impact, such as CORS misconfigurations on non-sensitive endpoints, and best practice violations.
- Mobile vulnerabilities like sensitive data in URLs when protected by TLS, or lack of certificate pinning.
For a comprehensive list of out-of-scope issues, please refer to the "Out of Scope" section in our VDP at https://www.studocu.com/vdp.html