NBB-2256

Description

The Naver is a major Korean Company. The joinus.comic.naver.com was very vulnerable to Dom Based XSS. I reported this vulnerability in 21 Jan 2022, and it was patched in 22 Feb, 2022.


Reporting Timeline

  • 2022-01-21 16h 45m : Reported this issue via the Naver Bug Bounty
  • 2022-01-21 18h 47m : Request status changed to 1st review
  • 2022-01-21 19h 18m : Request status changed to 2nd review
  • 2022-02-23 13h 02m : Request status changed to Reward
  • 2022-03-22 14h 45m : Request status changed to Waiting for customer
  • 2022-03-25 12h 08m : Request status changed to Reward In Process
  • 2022-03-31 10h 59m : Request status changed to Complete

Security Report