Cengage

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
api.webassign.net URL high high high critical
demo.webassign.net URL high high high critical
https://ng.cengage.com/* URL high high high critical
Testers can click on the link below, create a student trial account (does not need to be a real email address – no verification required) and have access for 2 weeks. https://www.cengage.com/dashboard/#/course-confirmation/MTPPBDQNH24B/initial-course-confirmation
https://ng.cengage.com/static/nb/login.html URL high high high critical
https://ng.cengage.com/static/nb/login.html (MT Admin Login) Testers can click on the link below, create a student trial account (does not need to be a real email address – no verification required) and have access for 2 weeks. https://www.cengage.com/dashboard/#/course-confirmation/MTPPBDQNH24B/initial-course-confirmation
webassign.net URL high high high critical
www.webassign.net URL high high high critical
*.cengage.com URL high high high critical
*.cengage.com
Cengage Ed2Go OTHER high high high critical
https://www.ed2go.com/
Cengage Mindtap OTHER critical
https://www.cengage.com/mindtap/
Cengage's Gale OTHER high high high critical
*.gale.com
Cengage OTHER critical
* `*.cengage.com` Any vulnerability which could be directly tied to Cengage assets that is not explicitly listed in scope for another platform
Cengage Gale OTHER high high high critical
* `*.gale.com`
Cengage NatGeo OTHER critical
* `https://ngl.cengage.com` * `https://ngl.cengage.com/
*` * `https://www.myngconnect.com/*` * `https://eltngl.com/
*`
Cengage WebAssign OTHER critical
* `demo.webassign.net` * `api.webassign.net` * `webassign.net` * `https://www.cengage.com/mindtap/`
Learning Objects OTHER critical
https://learningobjects.com/*

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
https://www.cengage.com/dashboard URL none
Login page for Cengage.com currently out of scope
https://www.cengage.com/mindtap/ URL none