Vulnerability and security incident reporting

Your role, our security

At NumSpot, security is at the heart of our approach. We are certified and designed to meet the strictest requirements.

Because security is everyone’s business, we strongly encourage the reporting of any vulnerability or incident you may discover on our platforms or services. Your help is essential to guarantee the excellence and protection of our platform.

You can anonymously report every security incident you encounter; personal identification fields are optional.

How do I report a security incident?

Your feedback is invaluable to us. To report a security vulnerability or incident, please contact us via the form above.

Warning: If you receive an email claiming to be from NumSpot (or one of our partners) and you have doubts about its authenticity (phishing attempt), do not click on any links or attachments.

How to write an effective vulnerability report

To help our teams analyze and resolve the vulnerability as quickly as possible, your report must be clear and detailed. Please include the following information:

TitleOWASP-A3 Cross-Site Scripting (XSS)
Description 

A malicious person can trigger an XSS.

Origin of the vulnerabilityThe filtering is not correct: the description section is left under user control.
Reproduction (PoC) 
  1. Log in to your Cockpit account.
  2. Click on the Instances icon.
  3. Enter the following value in the Documentation section: <script>alert</script>.
Attack scenarioAn attacker forges the link and sends it to other users.
Recommandations 

It would be wise to more effectively filter tag beginnings by passing them to the appropriate function.

Endpoint (URL) https://api.eu-west-2.numspot.com/openapi
Attachments Xss.png
Terms of use
Personal data protection
Cookie policy

© Copyright NumSpot

Offres packagées

Découvrez les offres que nous avons bâties avec nos partenaires technologiques.

Ressources
Products

See all the offers and availabilities
Management and operations
Security and identity
Database
Storage
Network
Containers
Compute
Developers

Solutions

Secteur public
Santé
Services financiers et assurance
OSE et OIV
Offres packagées

Cas clients
Partners
Pricing
Actualités
Carrières
FR
Contact us
NumSpot
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.