NBB-2287

POCAS

2022-02-07

Description

The Naver is a major Korean Company. The serieson.naver.com was very vulnerable to Dom Based XSS via Open Redirect. I reported this vulnerability in 10 Feb 2022, and it was patched in 16 Feb, 2022.

Reporting Timeline

2022-02-10 22h 53m : Reported this issue via the Naver Bug Bounty
2022-02-11 12h 15m : Request status changed to 1st review
2022-02-11 14h 06m : Request status changed to 2nd review
2022-02-16 16h 02m : Request status changed to Reward
2022-02-28 13h 49m : Request status changed to Waiting for customer
2022-03-11 13h 39m : Request status changed to Reward In Process
2022-03-16 10h 23m : Request status changed to Complete

Security Report

NBB-2287-protected.pdf