At CubeCart we take security very seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions and provide credit for your work. As CubeCart is an open source platform we regret that we cannot offer a bounty or any kind of renumeration in return.
To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.
We will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement. We may need to ask for additional information or guidance.