Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

vendasta

HackerOneView on HackerOne

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (11)

Asset	Category	Bounty	Quick Links
*.apigateway.co	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
*.vendasta-internal.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
*.yesware.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
customervoice.biz	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
partners.vendasta.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
task-manager.biz	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
your-domain.pdqs.mobi	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
your-domain.smblogin.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
your-domain.snapshotreport.biz	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
your-domain.socialsmbs.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
your-domain.steprep.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Out-of-Scope Assets (6)

Asset	Category	Bounty
Spamming of forms and APIs with automated vulnerability scanners are strictly out of scope	OTHER	No
help.yesware.com	URL	No
roadmap.vendasta.com	URL	No
t.yesware.com	URL	No
www.vendasta.com	URL	No
www.yesware.com	URL	No

Scope Changes (51)

Feb 25, 2026

Change	Asset	Category	Scope	Time
Added	help.yesware.com	URL	Out of Scope	19:12
Added	your-domain.pdqs.mobi	URL	In Scope	19:12
Added	task-manager.biz	URL	In Scope	19:12
Added	*.apigateway.co	WILDCARD	In Scope	19:12
Added	customervoice.biz	URL	In Scope	19:12
Added	your-domain.snapshotreport.biz	URL	In Scope	19:12
Added	spamming of forms and apis with automated vulnerability scanners are strictly out of scope	OTHER	Out of Scope	19:12
Added	t.yesware.com	URL	Out of Scope	19:12
Added	*.yesware.com	WILDCARD	In Scope	19:12
Added	www.yesware.com	URL	Out of Scope	19:12
Added	www.vendasta.com	URL	Out of Scope	19:12
Added	roadmap.vendasta.com	URL	Out of Scope	19:12
Added	*.vendasta-internal.com	WILDCARD	In Scope	19:12
Added	your-domain.socialsmbs.com	URL	In Scope	19:12
Added	your-domain.steprep.com	URL	In Scope	19:12
Added	your-domain.smblogin.com	URL	In Scope	19:12
Added	partners.vendasta.com	URL	In Scope	19:12

Feb 22, 2026

Change	Asset	Category	Scope	Time
Added	customervoice.biz	URL	In Scope	00:42
Added	your-domain.steprep.com	URL	In Scope	00:42
Added	task-manager.biz	URL	In Scope	00:42
Added	www.yesware.com	URL	Out of Scope	00:42
Added	*.vendasta-internal.com	WILDCARD	In Scope	00:42
Added	roadmap.vendasta.com	URL	Out of Scope	00:42
Added	www.vendasta.com	URL	Out of Scope	00:42
Added	*.yesware.com	WILDCARD	In Scope	00:42
Added	*.apigateway.co	WILDCARD	In Scope	00:42
Added	your-domain.snapshotreport.biz	URL	In Scope	00:42
Added	help.yesware.com	URL	Out of Scope	00:42
Added	your-domain.socialsmbs.com	URL	In Scope	00:42
Added	your-domain.smblogin.com	URL	In Scope	00:42
Added	your-domain.pdqs.mobi	URL	In Scope	00:42
Added	partners.vendasta.com	URL	In Scope	00:42
Added	spamming of forms and apis with automated vulnerability scanners are strictly out of scope	OTHER	Out of Scope	00:42
Added	t.yesware.com	URL	Out of Scope	00:42

Feb 21, 2026

Change	Asset	Category	Scope	Time
Added	*.yesware.com	WILDCARD	In Scope	19:12
Added	*.apigateway.co	WILDCARD	In Scope	19:12
Added	*.vendasta-internal.com	WILDCARD	In Scope	19:12
Added	customervoice.biz	URL	In Scope	19:12
Added	your-domain.socialsmbs.com	URL	In Scope	19:12
Added	your-domain.steprep.com	URL	In Scope	19:12
Added	your-domain.smblogin.com	URL	In Scope	19:12
Added	your-domain.pdqs.mobi	URL	In Scope	19:12
Added	your-domain.snapshotreport.biz	URL	In Scope	19:12
Added	partners.vendasta.com	URL	In Scope	19:12
Added	task-manager.biz	URL	In Scope	19:12
Added	www.yesware.com	URL	Out of Scope	19:12
Added	help.yesware.com	URL	Out of Scope	19:12
Added	roadmap.vendasta.com	URL	Out of Scope	19:12
Added	spamming of forms and apis with automated vulnerability scanners are strictly out of scope	OTHER	Out of Scope	19:12
Added	www.vendasta.com	URL	Out of Scope	19:12
Added	t.yesware.com	URL	Out of Scope	19:12