Hall of Fame
A token of appreciation to security researchers who help keep Koppa and our platforms safe.
We would like to thank the following individuals for their responsible security disclosures.
| Reporter | Issue | Date Reported | Status |
|---|---|---|---|
| Harishwar | Clickjacking vulnerability affecting pages on multiple sales websites | April 2025 | Fixed |
| Gaurang Maheta | Possible denial of service when entering a long password | June 2025 | Fixed |
| Mudassir Aijaz | Session not expiring on password change across browsers/computers | July 2025 | Fixed |
| Parth Narula | Stored XSS in First Name field and cache control issue on registration and account pages | August 2025 | Fixed |
| Vaibhav Jain | Hyperlink Injection Vulnerability Bypass at Signups | August 2025 | Fixed |
| Shivang Singhal | Improper Cache Control | August 2025 | Fixed |
| Team-DisclosureX Cybrgen | Possible denial of service when entering a long password | August 2025 | Fixed |
| depthdefense | Stored XSS via unsanitized user input | January 2026 | Fixed |
| Harishwar | CSRF on user profile update | January 2026 | Fixed |
| Mukesh Bhatt | Punycode email validation flaw (account takeover) | January 2026 | Fixed |
| Sahil Kushwaha | Stored XSS in Add Alloy functionality | January 2026 | Fixed |
Are you the first? Read our disclosure policy →