Index | Column Heading | Required | Unique | Type | Value Constraints | Title/Description |
---|---|---|---|---|---|---|
1 |
affected_parameter
|
Yes | No | String |
Maximum Length: 255 |
The request or form parameter that contains the payload or is otherwise responsible for the vulnerability. |
2 |
affected_users
|
Yes | No | String |
Maximum Length: 2500 |
The users affected by the vulnerability (typically 'admin' or 'user'). |
3 |
attack_string
|
Yes | No | String |
Maximum Length: 10000 |
The payload used to trigger the vulnerability. |
4 |
browser
|
Yes | No | String |
Maximum Length: 2500 |
The specific browser affected by the vulnerability, if relevant. |
5 |
bug_type
|
Yes | No | String |
Pattern: \A(xss|csrf|sqli|clickjack|mobile_net|mobile_device|other)\z |
The type of the bug, if blank will infer from title or proof_of_concept. |
6 |
bug_url
|
Yes | No | String |
Maximum Length: 2500 |
The URI where the vulnerability can be initiated. |
7 |
comment
|
Yes | No | String |
Maximum Length: 10000 |
Internal comment regarding the Submission. |
8 |
extra_info
|
Yes | No | String |
Maximum Length: 10000 |
Additional information provided by the researcher. |
9 |
http_request
|
Yes | No | String |
Maximum Length: 10000 |
The HTTP request that triggers the vulnerability. |
10 |
method_of_finding
|
Yes | No | String |
Maximum Length: 2500 |
How the researcher found the vulnerability. |
11 |
priority
|
Yes | No | Xsd Integer |
Maximum Value: 5 Minimum Value: 1 |
The priority of the vulnerability, 1 denoting the highest priority and 5 denoting a Won't fix. |
12 |
proof_of_concept
|
Yes | No | String |
Maximum Length: 10000 |
A proof of concept provided by the researcher. |
13 |
researcher_email
|
Yes | No | String |
Pattern: \A.+@.+..+\z |
An email address for the researcher who submitted this issue. If provided, we will email the researcher and allow them to claim this submission on Bugcrowd using an account of their choice. |
14 |
submitted_at
|
Yes | No |
DateTime
%d-%m-%Y %H:%M:%S
|
The UTC timestamp at which the submission was received, in the format 'dd-mm-yyyy H:M:s' (please note UTC, not local time). | |
15 |
substate
|
Yes | No | String |
Pattern: \A(new|wont_fix|out_of_scope|not_applicable|not_reproducible|triaged|unresolved|resolved|duplicate)\z |
The current status of the submission. |
16 |
title
|
Yes | No | String |
Minimum Length: 1 Maximum Length: 255 |
The title of the submission. If multiple CSV uploads are desired (e.g. to update data subsequently with another import) this field must not change. |
17 |
tools_used
|
Yes | No | String |
Maximum Length: 2500 |
The tools the researcher used to find the vulnerability. |