Aliexpress

If you believe you have found a vulnerability within an asset relating to AliExpress, please submit it via the Alibaba Vulnerability Disclosure Program.

This is a vulnerability disclosure program and therefore we will not be rewarding bounties on the HackerOne platform. However, If your report has been triaged and validated then you are able to submit a copy of your report to ASRC in order to receive a bounty. Our ASRC site also provides a hall of fame. Please add the prefix [h1-report_id] to the report title when report on ASRC, so that we will know it's from HackerOne. For example: [h1-40111111]Alibaba Reflected XSS on xxx.com.