Vulnerability Report

Thank you for opting to provide responsible and helpful information about potential vulnerabilities in Acora CMS. We take very report seriously and aim to address critical issues as quickly as possible. We appreciate your assistance in making the Internet a better and safer place.

Vulnerability Report Form
    Your Details

    Please provide as much information about yourself as possible. Although we will investigate every reported issue thoroughly, it's very helpful if we are able to verify your identity and credentials to aid our analysis.

    4. Please provide the URL or ID of a social media system where we might be able to connect with you. A professional network is preferred, e.g. GitHub or LinkedIn.
    6. Please list the employer or organisation you represent. If you are an individual or freelance consultant, please indicate this.
    7. Please list your title or responsibility within the organisation you represent.
    Vulnerability Details

    Please provide as much information as you can about the vulnerability you have identified. If you have details that we have not specifically requested, please include those in the Further Information section.

    1. Please provide a one-sentence description of the vulnerability.
    2. If you're unsure, please describe how you discovered this vulnerability and what part of the system you think it appears in.
    3. If you're unsure, please describe how you think someone might use this vulnerability.
    4. If you're unsure, please describe what you think can happen if this vulnerability is exploited.
    5. Which version of Acora CMS did you see the vulnerability in?
    6. Which Acora CMS customer organisation operates the website or app in which this vulnerability exists?
    7. Please identify the website URL or app ID in which the vulnerability was seen.
    8. Acora CMS is available as a licensed product. If you are affiliated with the licensee, please let us know. If not, please be clear about your relationship.
    9. In your opinion, how critical is this vulnerability? This is a required field.
      Please note that we'll make our own assessment of this question, but we'd like to know what you think.
      In your opinion, how critical is this vulnerability? This is a required field.
    10. Classification This is a required field.
      To the best of your ability, please help us classify this vulnerability. Check all that apply.
      Classification This is a required field.
    11. Please provide as much additional detail about the vulnerability as you can. Useful information includes but is not limited to:
      • The browser and devices you have tested
      • The time and date of any issues seen
      • The data used to identify the vulnerability
      • Risk factors relating to the vulnerability
      • Examples of how the vulnerability was used in your tests, if any
      • Let us know if you have any screenshots or files that may be helpful, we may request these are sent to us via a secure system
      • Anything else you can think of
    12. If you have any further comments or questions, please list them here. Let us know if you'd like us to contact you with further details after your report is submitted. Please note that for security, privacy, and commercial reasons we can't commit to provide full information about security issue responses. However we aim to be a communicative and transparent organisation, so we'll do our best to accommodate any request you have.