Responsible Vulnerability Disclosure

Report security vulnerabilities and help us maintain a secure platform. Learn how to responsibly disclose potential issues and protect our community.

Product Security

We are committed to ensuring the safety and security of our platform and protecting our users from fraud and other forms of harm. We greatly value the efforts of security researchers, analysts, and ethical hackers who work to identify and responsibly disclose potential vulnerabilities. Your contributions help us maintain a secure environment for all users.

What Can Be Reported?

We welcome reports of any security vulnerabilities or flaws found on any of our products or services. Common examples include, but are not limited to:

  • Cross-Site Scripting (XSS) vulnerabilities
  • SQL Injection
  • Authentication or authorization flaws
  • Remote code execution
  • Server-side request forgery (SSRF)

While we appreciate all reports, the following issues are considered out of scope and generally not eligible for rewards:

  • Self-XSS errors
  • Text injection or local DOM manipulation
  • Email spoofing issues
  • Path disclosure from descriptive errors
  • Fingerprint, IP, or banner disclosure of public services
  • Non-critical Cross-Site Request Forgery (CSRF) issues
  • Rate limiting, Denial of Service (DoS), or Distributed Denial of Service (DDoS) failures
  • Mixed SSL content warnings
  • Physical, social engineering, or phishing exploits
  • Non-sensitive file disclosure (e.g., robots.txt, .gitignore)
  • Brute force issues on non-sensitive endpoints

How to Report a Vulnerability?

To report a vulnerability, please send detailed information to our security team at security@rentalsource.com or use the form on our Contact Us page. Please provide as much detail as possible, including steps to reproduce the vulnerability, potential impact, and any recommended mitigation.

We strive to respond to all vulnerability reports promptly. Once we receive your report, we will acknowledge receipt, investigate the issue, and keep you informed throughout the process.

Guidelines for Responsible Disclosure

  • Do Not Exploit: Please do not exploit any vulnerabilities you discover for personal gain or to disrupt our services.
  • No Modification of Data: Do not modify or delete data on our systems without permission.
  • Avoid Service Disruption: Do not perform any actions that may negatively impact the availability or reliability of RentalSource services, including denial of service attacks or rate-limiting bypasses.
  • Allow Time for Response: Please give us a reasonable amount of time to address the issue before any public disclosure.
  • Respect Privacy: If you choose to report anonymously, we will respect your privacy and will not disclose your identity without your consent.

Anonymous Reports

We accept anonymous reports but prefer to have a way to contact you for follow-up information or to discuss potential rewards. If you choose to report anonymously, please provide a means for us to communicate securely with you. We commit to keeping your identity confidential if requested.

Recognition and Rewards

We value and appreciate the efforts of those who help us keep RentalSource safe. Depending on the severity and impact of the vulnerability reported, we may offer recognition in the form of public acknowledgment, certificates of appreciation, or other rewards. If you prefer to remain anonymous, we will honor that preference.