
Security: tem-energy/.github

SECURITY.md

Security Policy

Reporting a Vulnerability

The tem. engineering team takes the security of our software seriously. If you believe you have found a security vulnerability in any repository owned by tem-energy ltd., we encourage you to let us know straight away. We will investigate all legitimate reports and do our best to quickly fix the problem.

Important

Please report any security vulnerabilities by sending an email to security@tem.energy.

Out of scope vulnerabilities

  • Click-jacking on pages with no sensitive actions.
  • Unauthenticated/logout/login CSRF.
  • Attacks requiring MITM or physical access to a user's device.
  • Attacks requiring social engineering.
  • Any activity that could lead to the disruption of our service (DoS).
  • Content spoofing and text injection issues without showing an attack vector or without being able to modify HTML/CSS.
  • Email spoofing.
  • Missing DNSSEC, CAA records, or CSP headers.
  • Lack of Secure or HttpOnly flag on non-sensitive cookies.
  • User enumeration.

What to Include in Your Report

To help us better understand the nature and scope of the issue, please include as much of the following information as possible in your report:

  • Description of the vulnerability and its potential impact.
  • Step-by-step instructions to reproduce the issue.
  • Affected versions and configurations.
  • Any possible mitigation or workarounds that you have identified.

What to Expect

Note

Bug Bounties

tem-energy ltd. does not provide bug bounties for vulnerability disclosures.

After you submit a report, we will endeavor to:

  • Respond to your report within 7 business days to acknowledge receipt.
  • Handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
  • Provide an estimated time frame for addressing the vulnerability.
  • Notify you when the issue is resolved.

Our commitment

We strive to resolve all problems as quickly as possible, and we would like to play an active role in the eventual publication of the problem after it is resolved.

Thank you for your contributions!

There aren’t any published security advisories