NBB-2256

POCAS

2022-02-07

Description

The Naver is a major Korean Company. The joinus.comic.naver.com was very vulnerable to Dom Based XSS. I reported this vulnerability in 21 Jan 2022, and it was patched in 22 Feb, 2022.

Reporting Timeline

2022-01-21 16h 45m : Reported this issue via the Naver Bug Bounty
2022-01-21 18h 47m : Request status changed to 1st review
2022-01-21 19h 18m : Request status changed to 2nd review
2022-02-23 13h 02m : Request status changed to Reward
2022-03-22 14h 45m : Request status changed to Waiting for customer
2022-03-25 12h 08m : Request status changed to Reward In Process
2022-03-31 10h 59m : Request status changed to Complete

Security Report

NBB-2256-protected.pdf