Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
xero-vdp-pro
13
In Scope
0
Out of Scope
In-Scope Assets (13)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.api.xero.com | URL | No | ||
| https://apps.xero.com | URL | No | ||
| https://bankaccounts.xero.com | URL | No | ||
| https://central.xero.com | URL | No | ||
| https://fixedassets.xero.com | URL | No | ||
| https://go.xero.com | URL | No | ||
| https://identity.xero.com | URL | No | ||
| https://login.xero.com | URL | No | ||
| https://my.xero.com | URL | No | ||
| https://payroll.xero.com | URL | No | ||
| https://reporting.xero.com | URL | No | ||
| https://www.xero.com/{region}/advisors | URL | No | ||
| https://xero.com | URL | No |
Scope Changes (65)
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://xero.com | URL | In Scope | 22:36 |
| Added | https://go.xero.com | URL | In Scope | 22:36 |
| Added | https://payroll.xero.com | URL | In Scope | 22:36 |
| Added | https://reporting.xero.com | URL | In Scope | 22:36 |
| Added | https://fixedassets.xero.com | URL | In Scope | 22:36 |
| Added | https://my.xero.com | URL | In Scope | 22:36 |
| Added | https://bankaccounts.xero.com | URL | In Scope | 22:36 |
| Added | https://login.xero.com | URL | In Scope | 22:36 |
| Added | https://identity.xero.com | URL | In Scope | 22:36 |
| Added | https://apps.xero.com | URL | In Scope | 22:36 |
| Added | https://central.xero.com | URL | In Scope | 22:36 |
| Added | https://www.xero.com/%7Bregion%7D/advisors | URL | In Scope | 22:36 |
| Added | *.api.xero.com | URL | In Scope | 22:36 |
| Added | https://payroll.xero.com | URL | In Scope | 22:36 |
| Added | https://reporting.xero.com | URL | In Scope | 22:36 |
| Added | https://fixedassets.xero.com | URL | In Scope | 22:36 |
| Added | https://identity.xero.com | URL | In Scope | 22:36 |
| Added | https://apps.xero.com | URL | In Scope | 22:36 |
| Added | https://www.xero.com/%7Bregion%7D/advisors | URL | In Scope | 22:36 |
| Added | https://xero.com | URL | In Scope | 22:36 |
| Added | https://my.xero.com | URL | In Scope | 22:36 |
| Added | https://bankaccounts.xero.com | URL | In Scope | 22:36 |
| Added | https://login.xero.com | URL | In Scope | 22:36 |
| Added | https://central.xero.com | URL | In Scope | 22:36 |
| Added | *.api.xero.com | WILDCARD | In Scope | 22:36 |
| Added | https://go.xero.com | URL | In Scope | 22:36 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://apps.xero.com | URL | In Scope | 19:18 |
| Added | https://www.xero.com/%7Bregion%7D/advisors | URL | In Scope | 19:18 |
| Added | *.api.xero.com | WILDCARD | In Scope | 19:18 |
| Added | https://xero.com | URL | In Scope | 19:18 |
| Added | https://payroll.xero.com | URL | In Scope | 19:18 |
| Added | https://fixedassets.xero.com | URL | In Scope | 19:18 |
| Added | https://bankaccounts.xero.com | URL | In Scope | 19:18 |
| Added | https://login.xero.com | URL | In Scope | 19:18 |
| Added | https://identity.xero.com | URL | In Scope | 19:18 |
| Added | https://central.xero.com | URL | In Scope | 19:18 |
| Added | https://go.xero.com | URL | In Scope | 19:18 |
| Added | https://reporting.xero.com | URL | In Scope | 19:18 |
| Added | https://my.xero.com | URL | In Scope | 19:18 |
| Added | https://fixedassets.xero.com | URL | In Scope | 17:18 |
| Added | https://my.xero.com | URL | In Scope | 17:18 |
| Added | https://bankaccounts.xero.com | URL | In Scope | 17:18 |
| Added | https://login.xero.com | URL | In Scope | 17:18 |
| Added | https://central.xero.com | URL | In Scope | 17:18 |
| Added | https://go.xero.com | URL | In Scope | 17:18 |
| Added | https://payroll.xero.com | URL | In Scope | 17:18 |
| Added | https://identity.xero.com | URL | In Scope | 17:18 |
| Added | https://apps.xero.com | URL | In Scope | 17:18 |
| Added | https://www.xero.com/%7Bregion%7D/advisors | URL | In Scope | 17:18 |
| Added | *.api.xero.com | WILDCARD | In Scope | 17:18 |
| Added | https://xero.com | URL | In Scope | 17:18 |
| Added | https://reporting.xero.com | URL | In Scope | 17:18 |
| Added | https://xero.com | URL | In Scope | 17:18 |
| Added | https://go.xero.com | URL | In Scope | 17:18 |
| Added | https://payroll.xero.com | URL | In Scope | 17:18 |
| Added | https://reporting.xero.com | URL | In Scope | 17:18 |
| Added | https://fixedassets.xero.com | URL | In Scope | 17:18 |
| Added | https://my.xero.com | URL | In Scope | 17:18 |
| Added | https://bankaccounts.xero.com | URL | In Scope | 17:18 |
| Added | https://login.xero.com | URL | In Scope | 17:18 |
| Added | https://identity.xero.com | URL | In Scope | 17:18 |
| Added | https://apps.xero.com | URL | In Scope | 17:18 |
| Added | https://central.xero.com | URL | In Scope | 17:18 |
| Added | https://www.xero.com/%7Bregion%7D/advisors | URL | In Scope | 17:18 |
| Added | *.api.xero.com | URL | In Scope | 17:18 |