This article provides a solution to address vulnerabilities found by third-party security scans.
Merchant performed a PEN test through an independent security agency, and a vulnerability was flagged.
Vulnerabilities found by third-party security scans should be sent to the HackerOne website. Adobe Commerce does not have a direct point of contact at HackerOne, so you should directly reach out to HackerOne. Adobe only handles the MST (Magento Security Scan tool) report.