Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

kohls

BugcrowdView on Bugcrowd
RawAI Enhanced
4
In Scope
29
Out of Scope

In-Scope Assets (4)

AssetCategoryBountyQuick Links
Kohl’s entire public digital footprint that is not Out-Of-Scope(See list below)OTHERNo-
https://www.kohls.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
https://www.kohls.com/feature/app.jspIOSNo-
https://www.kohls.com/feature/app.jspANDROIDNo-
Out-of-Scope Assets (29)
AssetCategoryBounty
*kohls.com/checkout/prequal_inquiry.jsp#/preQualEligibleURLNo
*kohls.com/feature/pre-qual/prequal_inquiry.jsp?icid=prequalfooterURLNo
*kohls.com/kohlscredit/prequalURLNo
*kohlsecommerce.com/checkout/prequal_inquiry.jsp#/preQualEligibleURLNo
*kohlsecommerce.com/feature/pre-qual/prequal_inquiry.jsp?icid=prequalfooterURLNo
*kohlsecommerce.com/kohlscredit/prequalOTHERNo
*qa*.kohls.comURLNo
any domain with archaius.json endoint is out of scopeURLNo
apply.kohls.comURLNo
author-mykohls.kohls.comURLNo
author-qa65-mykohls.kohls.comURLNo
author-stage65-mykohls.kohls.comURLNo
connection.kohls.comURLNo
corporate.kohls.comURLNo
developer.kohls.comURLNo
http://www.b2b.kohls.comURLNo
kconnect.kohls.comURLNo
kohlsmerch.kohls.com/URLNo
lclive.kohls.comURLNo
link-preprod.kohls.comURLNo
mykohls-origin.kohls.comURLNo
mykohls.kohls.comURLNo
origin-stage65-corporate.kohls.comURLNo
origin-stage65-mykohls.kohls.comURLNo
productchampions.kohls.comURLNo
stage65-corporate.kohls.comURLNo
stage65-mykohls.kohls.comURLNo
vp-*.kohls.comURLNo
wfh*.kohls.comURLNo