Protection and Security
Fixando treats the protection and security of our data and systems very seriously. Our team believes in transparency and cooperation. We therefore welcome and recognize submissions to security@fixando.com from security researchers, should they identify an original and in scope vulnerability.
Submissions are kindly requested to have a detailed description of the issue and the steps that (may be) required to reproduce what was observed.
Please take care to protect our users' privacy, data confidentiality, and integrity. We cannot work with those who violate any laws or regulations, or attempt to exploit a security issue, or access/compromise other user’s data.
Submissions are kindly requested to have a detailed description of the issue and the steps that (may be) required to reproduce what was observed.
Please take care to protect our users' privacy, data confidentiality, and integrity. We cannot work with those who violate any laws or regulations, or attempt to exploit a security issue, or access/compromise other user’s data.
Focus Areas
- Cross-site Scripting (XSS)
- Cross-site Request Forgery
- Server-Side Request Forgery (SSRF)
- SQL Injection
- Remote Code Execution (RCE)
- XML External Entity Injection (XXE) with significant impact
- Access Control Issues
- Authentication Bypass Issues
- Authorization Flaws
- Privilege Escalation
- Directory Traversal Issues
- Sensitive Information Disclosure
- Data Exposure
- Business Logic Vulnerabilities
Out of Scope
The following submission types are considered out of scope:- Denial of service (DoS) attacks
- Findings as reported by automated tools without additional analysis as to how and what is vulnerable
- Vulnerabilities only affecting users of outdated or unpatched browsers
- Spam reports
- Targeted attacks against social media or third party services that Imovendo use (LinkedIn, Facebook etc)
© 2025 - Fixando B.V.
