Thank you for making the Internet a safer place. We do not run any official bug bounty programme. However, we may choose to consider a token of appreciation for new high severity and high impact vulnerability, based on internal assessment.
To report a vulnerability, please email to security@myfave.com, this will ensure the information is protected internally.
Include the following details in the email:
1) Category
2) Specific vulnerability name
3) Potential affected areas/functions
4) Brief description
5) POC
For #1, #2, and #3, please refer to https://bugcrowd.com/vulnerability-rating-taxonomy. It will help us understand the vulnerability faster and prioritise accordingly. Please note that our prioritisation and ratings may vary from the Vulnerability Rating Taxonomy.
Please refrain from any public disclosure at any given time unless we have consented.
Thanks again for helping us protect our users and merchants.