Answer the question
In order to leave comments, you need to log in
R
R
Ruslan Dobrioglo2021-03-16 21:11:47
Ruslan Dobrioglo, 2021-03-16 21:11:47
Should I report an XSS vulnerability to the site owner?
Hello. I found an XSS vulnerability on someone else's site.
One page has a text input field, while the other shows the last thing users entered. I entered a harmless
one. I don't know how many people go to a page that is vulnerable to XSS, but I think there are some, since this page has a link in the footer of the site. The site is not very popular, but people visit it sometimes.
Can there be a penalty for finding an XSS vulnerability? Should I report it to the site owner? ( I found the owner of the domain through whois )
<script>alert('XSS')</script>
2 answer(s)
@Ruslan0709
@Alex_from
C
CityCat4, 2021-03-17 @Ruslan0709
You can also report if you are not afraid that you will be accused of hacking. The Internet is no longer a "friendly environment". If this is a shabby indie site - then most likely they will thank you. If this is a fat site with a reputation and money - it's better not to meddle.
A
Alexander Moskvin, 2021-04-17 @Alex_from
There is no penalty for discovering a vulnerability. But most likely you won’t get a gingerbread either. Except for a very small list of companies that have bug-hunting programs. But they no longer have XSS vulnerabilities
Similar questions
J
R
M
S
H
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question