# Bug Bounty Report — [Program Name]

**Asset:** [URL / scope item]
**Report date:** [YYYY-MM-DD]
**Researcher:** [Handle]

---

## Summary

[One paragraph: what the bug is, where, and why it matters.]

## Severity

**Suggested severity:** [Critical / High / Medium / Low]
**CVSS 3.1 (if applicable):** [X.X] — `CVSS:3.1/...`

## Steps to Reproduce

1. Navigate to `[URL]`
2. [Action]
3. [Observe impact]

## Proof of Concept

```http
[Request/response or payload]
```

## Impact

[What an attacker can do — data access, account takeover, etc.]

## Supporting Material

- [Screenshot or video reference]

---

*Formatted for HackerOne / Bugcrowd / Intigriti — PoCcraft template*
