Vulnerability Disclosure Policy
ExitoWeb Inc

This vulnerability disclosure policy applies to all ExitoWeb products. If you have any questions, please contact us via security@escala.com.

Our vulnerability disclosure policy

Escala is an all-in-one platform to optimize your marketing and sales, where you can build powerful sales funnels that generate quality leads and convert them into loyal clients, with all the tools you need integrated in one place. Because we process personal and sensitive data, security and trust are always at the top of our priorities, and we are always working to make our product as secure as possible. Even with everything that Escala is doing, we remain down-to-earth and acknowledge that a vulnerability can always slip through the cracks. Our Vulnerability Disclosure Policy is one of the ways we uncover potential vulnerabilities: we invite ethical hackers and security researchers to disclose them. If you find a vulnerability, please let us know so that we can take measures as quickly as possible.

Our promise to you

  • We are happy to respond to any questions via security@escala.com
  • We aim to process your submissions within 2-3 working days
  • We respect the safe harbour clause that you can find below

Your promise to us

  • Use trial accounts to perform vulnerability research. No real data should be used or affected.
  • Provide detailed and to-the-point reproduction steps.
  • Include a clear scenario. How could this vulnerability impact the solution?
  • Please do not discuss or post vulnerabilities without our consent.

Scope

Applications & endpoints

What we’re looking for

  • Leaking of personal and confidential information
  • Ability to manipulate customer data
  • Ability to manipulate the flow of data between the front-end and back-end
  • Horizontal/vertical privilege escalation
  • Bypassing authentication
  • Bypassing the free trial period
  • Bypassing the restrictions to obtain additional feature packages
  • Bypassing the WAF
  • Bypassing role-based user privileges on a tenant
  • Access to sensitive logging data that could result in a breach of sensitive information
  • SQLi
  • XSS

What is not allowed

  • Placing malware (virus, worm, Trojan horse, etc.).
  • Copying, modifying or deleting non-trial data in the system.
  • Repeatedly accessing the system or sharing access with others.
  • Using automated scanning tools.
  • Using brute-forcing.
  • Using denial-of-service attacks.

Reporting a vulnerability

Submissions must be forwarded to security@escala.com in English. They should include (at the very least):

  • Estimated severity
  • Targeted domain
  • Endpoint / vulnerable component
  • Type of vulnerability
  • Proof of concept & description
  • Estimated impact

What to expect after submitting a vulnerability

  • We will typically process your submission within 2-3 working days.
  • You may be contacted for more information.
  • Your findings will be treated as responsible disclosures by default.
  • Submissions may be rejected based on Escala’s perceived business impact.
  • Low-quality reports may not be pursued.
  • If you would like to be recognized for your accurate reporting, we would be happy to do so.

Safe harbor for researchers

ExitoWeb considers ethical hacking research conducted consistently with this policy to be “authorized” under criminal and civil law. ExitoWeb will not pursue civil action or initiate a complaint about accidental, good-faith violations.

If legal action is initiated by a third party against you and you have complied with the policy, ExitoWeb will take steps to make it known that your actions were conducted in compliance and with our approval.

Any questions?

Contact us via security@escala.com

2022 © ExitoWeb, Inc. All rights reserved.