
careerjet.ae Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1164592

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Affected Website: | **[careerjet.ae](<https://www.careerjet.ae>)** |
|---|---|
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **rajesh_appsec** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Export Vulnerability Data: | Bugzilla Vulnerability Data, JIRA Vulnerability Data [ Configuration ], Mantis Vulnerability Data, Splunk Vulnerability Data, XML Vulnerability Data [ XSD ] |
| Vulnerable URL: | (provided as an image on the original page; not reproduced here) |

**Screenshot:** ![careerjet.ae vulnerability](/twimages/screen-1164592.jpg)

**Mirror:** [Click here to view the mirror](<http://1164592.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Vulnerability Reported: | 18 May, 2020 07:00 GMT |
|---|---|
| Vulnerability Verified: | 18 May, 2020 07:16 GMT |
| Website Operator Notified: | 18 May, 2020 07:16 GMT |

| a. Using the ISO 29147 guidelines | ![done](/images/done.png) |
|---|---|
| b. Using publicly available security contacts | ![done](/images/done.png) |
| c. Using Open Bug Bounty notification framework | ![done](/images/done.png) |
| d. Using security contacts provided by the researcher | ![done](/images/done.png) |

| Public Report Published [without any technical details]: | 18 May, 2020 07:16 GMT |
|---|---|