XSS
Ruslan Dobrioglo, 2021-03-16 21:11:47

Should I report an XSS vulnerability to the site owner?

Hello. I found an XSS vulnerability on someone else's site.
One page has a text input field, while the other shows the last thing users entered. I entered a harmless one. I don't know how many people go to a page that is vulnerable to XSS, but I think there are some, since this page has a link in the footer of the site. The site is not very popular, but people visit it sometimes. Can there be a penalty for finding an XSS vulnerability? Should I report it to the site owner? (I found the owner of the domain through whois.)
<script>alert('XSS')</script>


2 answer(s)
CityCat4, 2021-03-17
@Ruslan0709

You can also report if you are not afraid that you will be accused of hacking. The Internet is no longer a "friendly environment". If this is a shabby indie site - then most likely they will thank you. If this is a fat site with a reputation and money - it's better not to meddle.

Alexander Moskvin, 2021-04-17
@Alex_from

There is no penalty for discovering a vulnerability. But most likely you won’t get a gingerbread either. Except for a very small list of companies that have bug-hunting programs. But they no longer have XSS vulnerabilities.
