Check that the issue is on mullusi.com pages, static assets, public JSON, headers, sitemap, robots, or security.txt.
Report security issues.
If you find a possible security issue on a public Mullusi website route, report it privately and avoid harm. This page is for safe public-website reports only; it does not authorize testing reserved product services, dashboards, sandboxes, metrics, or private systems.
This route receives reports. It does not authorize access to reserved services, destructive testing, stress testing, or public disclosure before coordination.
Choose the trust surface.
Move between website security, privacy, terms, use rules, and disclosure without losing the current public boundary.
Stop if testing exposes private data, credentials, infrastructure details, or any reserved service boundary.
Attach screenshots only when they do not reveal secrets, private data, or unrelated third-party information.
Mullusi may ask for clarification, safer reproduction, or a repair window before external publication.
In scope
Public pages on mullusi.com, public assets, public JSON files, contact links, sitemap, robots, security headers, and the published security.txt route.
Out of scope
Reserved subdomains, private repositories, mailboxes you do not own, third-party systems, social engineering, denial of service, destructive testing, or attempts to access non-public data.
Report contents
Include the affected URL, reproduction steps, observed impact, browser details if useful, screenshots if safe, and whether any data was viewed or changed.
Coordination
Allow time for triage and repair before public disclosure. Mullusi may ask for clarification, impact details, or a safer way to reproduce the issue.
Safe testing requirements
- Use only your own browser session and your own data.
- Stop immediately if testing exposes non-public data, credentials, or infrastructure details.
- Do not run volume, stress, destructive, persistence, or bypass tests.
- Do not treat reserved subdomains or staged services as live production targets.
- Do not disclose the issue publicly before a coordinated repair window is agreed.