📎Making Submissions


  • Introduction: When submitting a report, it is essential to provide comprehensive details to help the reviewing team understand and validate the vulnerability. This ensures a thorough assessment and appropriate action.

  • Purpose: Detailed reports facilitate accurate validation, efficient remediation, and appropriate rewarding of the vulnerability.


  • Required Details for Report Submission:

    1. Title:

      • Provide a concise and descriptive title for the vulnerability.

      • Example: "SQL Injection in Login Page"

    2. Target:

      • Specify the target application, page, or endpoint where the vulnerability was found.

    3. Severity:

      • Assess the severity level of the vulnerability (Low, Medium, High, Critical).

      • Example: "High, Low, etc"

    4. Vulnerability Type:

      • Select the type of vulnerability (e.g., SQL Injection, Cross-Site Scripting, etc.).

      • Example: "SQL Injection, Buffer Overflow, Insecure API etc."

    5. Description:

      • Provide a detailed description of the vulnerability.

      • Include relevant information to understand the context and nature of the issue.

    6. Steps to Reproduce:

      • List the detailed steps to reproduce the vulnerability.

      • Ensure clarity and precision for the reviewing team to follow.

      • Example:

        1. Go to the login page.

        2. Enter ' OR '1'='1 in the username field.

        3. Enter any value in the password field.

        4. Submit the form and observe successful login.

    7. Potential Impact:

      • Explain the potential impact and consequences of the vulnerability if exploited.

      • Example: "An attacker can gain unauthorized access to user accounts, compromising sensitive information."

    8. Recommendation:

      • Provide suggestions for fixing the vulnerability.

      • Example: "Use prepared statements to prevent SQL Injection."

    9. Screenshots:

      • Attach relevant screenshots to support your findings.

      • Include visual evidence of the vulnerability and steps to reproduce.


  • Clarity: Ensure all information is clear and easy to understand.

  • Completeness: Provide all required details to avoid delays in the review process.

  • Accuracy: Verify all information before submission to prevent errors.

Common Issues and Solutions:

  • Incomplete Reports:

    • Double-check the report for all required details before submission.

    • Use the provided guidelines and examples as a reference.

  • Unclear Descriptions:

    • Be as descriptive as possible.

    • Include relevant technical details and context.


  • What if I am unsure about the severity level?

    • Provide your best assessment and mention any uncertainties in the description.

  • Can I update my report after submission?

    • Yes, you can update your report before it is reviewed. Contact support if you need assistance.

Contact Support:

  • If you encounter any issues, please reach out to our support team at support@comolho.com.

Last updated