NBB-2286

Description

The Naver is a major Korean Company. The serieson.naver.com was very vulnerable to Dom Based XSS via Open Redirect. I reported this vulnerability in 10 Feb 2022, and it was patched in 16 Feb, 2022.


Reporting Timeline

  • 2022-02-10 22h 32m : Reported this issue via the Naver Bug Bounty
  • 2022-02-11 12h 15m : Request status changed to 1st review
  • 2022-02-11 13h 36m : Request status changed to 2nd review
  • 2022-02-16 16h 02m : Request status changed to Reward
  • 2022-02-28 13h 49m : Request status changed to Waiting for customer
  • 2022-03-11 13h 39m : Request status changed to Reward In Process
  • 2022-03-16 10h 23m : Request status changed to Complete

Security Report