Naver Bug Bounty (Total Bounty: $1400)


  • Copy and Paste XSS in NAVER (Not Applicable/TheGrandPew/Jeongwon Jo) This attack also paid huge bounties from Google and Microsoft. Naver does not. K-company
  • CENSORED in NAVER (Bounty: $***/Slay) - NBB-2160
  • CENSORED in NAVER (Bounty: $***/Jeongwon Jo) - NBB-2153
  • Stored XSS in NAVER (Bounty: $250/Andrew Bae) - NBB-2138
  • Reflected XSS via Sandbox Bypass in NAVER (Not Applicable/Jeongwon Jo)
  • 1-Click Open Redirect in NAVER (Not Applicable/Jeongwon Jo)
  • GraphQL Injection in NAVER (Jeongwon Jo) - NBB-2083
  • Dom Based XSS in NAVER * 2 (Jeongwon Jo) - NBB-2081, NBB-2082
  • CSRF in NAVER (Bounty: $100/Youngseo Yoon) - NBB-1156
  • Stored XSS in NAVER (Bounty: $150/Youngseo Yoon) - NBB-1175
  • Reflected XSS in NAVER * 4 (Bounty: $700/Youngseo Yoon) - NBB-963, NBB-964, NBB-1044, NBB-1148
  • Flash Cross-Domain Policy in NAVER * 2 (Bounty: $200/Youngseo Yoon) - NBB-911, NBB-1315