Vulnerability Disclosure Submission Form

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

Prior to submitting a vulnerability report, please read and ensure your conduct and report adheres to the City of Boston's Vulnerability Discovery Policy. If you have any questions about this form or the policy, please email doit@boston.gov.

Providing your name and email address are optional. If you share your contact information, the City may reach out to follow up with you about your report.

Name

Vulnerability Category *

Authentication/Session Management

Authorization/Permissions

Brute Force

Content Injection

Cross-site Request Forgery (CSRF)

Cross-site Scripting (CSS)

Cryptography

Fuctional/Business Logic

Information Disclosure

Insufficient Transport Layer Protection/SSL

Remote Execution

Server/Application Misconfiguration

SQL Injection

Other:

Date of Discovery *

YYYY

Approximate Time of Discovery *

Time

Description of Vulnerability and Potential Impact *

Please provide a clear and concise description of the issue. Explain what the vulnerability is, what it affects, and what an attacker could potentially do with it.

Vulnerability Location(s) *

Include hostname or url where applicable.

Validation Steps *

Please provide a clear, detailed explanation of the steps required to reproduce and validate the vulnerability.

Recommended Fix or Remediation Actions

If you have suggestions for resolving the vulnerability, please include them here. This is not required but can be helpful.

Submit

Clear form

Never submit passwords through Google Forms.

This form was created inside of City of Boston.

Does this form look suspicious? Report

Forms