37 matches found
Glassdoor: █████████eflected █████████████████ Vulnerability in Glassdoor Blog ███earch
A reflected cross-site scripting vulnerability was discovered in the Glassdoor blog search functionality. The vulnerability was remediated by strengthening input validation and output encoding...
Glassdoor Wants to Know Your Real Name
Anonymous, candid reviews made Glassdoor a powerful place to research potential employers. A policy shift requiring users to privately verify their real names is raising privacy concerns...
Glassdoor: Unauthorized Access to Deleted Interviews on Glassdoor Platform
Unauthorized access to deleted interviews on a career platform was possible through an RSS endpoint that has since been deprecated...
Glassdoor: IDOR vulnerability on profile picture changing mechanism which discloses other user's profile picture.
Vulnerability description not provided...
Glassdoor: Cache Poisoning allows redirection on JS files
A cache poisoning vulnerability was discovered in Glassdoor's design website. By sending a specific request, an attacker could redirect the /test.js file to a malicious website. This could potentially lead to a stored cross-site scripting XSS attack if other Glassdoor websites import javascript...
Glassdoor: XSS in www.glassdoor.com
Summary: Browser: Chrome Affected URL https://www.glassdoor.com/Location/All-Tesla-Office-Locations-E43129.htm?DIFFICULT=%3E%3Csvg%20onload%3d%26%23x00000000061;%26%23x0000000006c%26%23x0000000065%26%23x0000000072%26%23x000000000741%26%230000000000000041;%20%3C%2fscript%20 Steps To Reproduce: 1. ...
Glassdoor: XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution
There was reflected XSS detected at http://www.glassdoor.com/Search/results.htm using parameter pollution via keyword and locName parameters resolved by our development team. Thanks @nokline for your report and co-operation. We are looking forward to more findings from you. Thank you once again. ...
Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call "Nigerian Tesla" that has been dabbling into phishing...
Glassdoor: [https://www.glassdoor.com] - Web Cache Deception Leads to gdtoken Disclosure
A web cache deception issue was reported by @bombon For the exploit to trigger, the victim must be logged-in to Glassdoor and must also visit an attacker-controlled page that makes the victim hit the caching page, programmatically fetch the cached CSRF token gdToken, and forge and send a request ...
Glassdoor: Reflected XSS on https://www.glassdoor.com/job-listing/spotlight
Summary: The application is vulnerable to reflected cross-site scripting attacks on the /job-listing/spotlight URI in the callback parameter. Affected URL or select Asset from In-Scope: https://www.glassdoor.com/job-listing/spotlight Affected Parameter: callback Vulnerability Type: see list below...
Glassdoor: Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF
Hi there, I have found the xss vulnerability at: https://help.glassdoor.com/GDHCEmbeddedChatVF Browsers tested: Firefox, Chrome, Edge latest version Steps To Reproduce: Go to: https://help.glassdoor.com/GDHCEmbeddedChatVF?FirstName=l0cpd%22;a=alert,b=document.domain,ab// Supporting...
Glassdoor: Open redirect on https://www.glassdoor.com/profile/siwa.htm via state parameter
An open redirect was found at https://www.glassdoor.com/profile/siwa.htm due to improper validation of the state parameter. Thanks, @0x7 for finding this and reporting this to us and looking forward to more reports from you...
Glassdoor: Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage
The endpoint at help.glassdoor.com/gdrequestsubmitpage suffers from a Cross-Site Scripting vulnerability via the lang parameter. Thanks, @0x7 for finding and reporting this to us. Looking forward to more reports from you...
Glassdoor: Reflected XSS on https://www.glassdoor.com/parts/header.htm
Reflected XSS was reported on https://www.glassdoor.com/parts/header.htm via the nonce parameter. Thanks, @0x7 for reporting the finding and also reporting additional endpoints affected by this - added a bonus for reporting those additional endpoints and also for your collaboration with us in the...
Glassdoor: Dom XSS Rootkit on [https://www.glassdoor.com/]
The report was vulnerable to DOM-based XSS via sc.keyword on https://www.glassdoor.com/Job/jobs.htm?sc.keyword=test and got resolved by another report 1064892. Thanks, @4peace for your submission...
Glassdoor: Reflected XSS at https://www.glassdoor.com/ via the 'numSuggestions' parameter
Hi there, I have found the xss vulnerability at: https://www.glassdoor.com/ via parameter: numSuggestions Summary: Affected Parameter: numSuggestions Browsers tested: Firefox, Chrome, Edge latest version Steps To Reproduce: Go to:...
Glassdoor: Reflected XSS at https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true via PATH
Summary: The endpoint https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true is vulnerable to reflected XSS. Injecting any input in path will be reflected back without any sanitisation. Affected URL or select Asset from In-Scope:...
Glassdoor: Reflected XSS at https://www.glassdoor.com/Interview/Accenturme-Interview-Questions-E9931.htm via filter.jobTitleFTS parameter
The endpoint https://www.glassdoor.com/Interview/Accenturme-Interview-Questions-E9931.htm is vulnerable to reflected XSS. Affected Parameter: filter.jobTitleFTS Browsers tested: Chrome, Firefox Payload:...
Glassdoor: Reflected XSS at https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCH_KE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true
Summary: There is a reflected XSS vulnerability in https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCHKE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true Vulnerability Type: Reflected XSS Browsers tested: Chrome, Firefox Payload:...
Glassdoor: Reflected XSS at https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm via filter.jobTitleExact parameter
Summary: There is a reflected XSS vulnerability in https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm?filter.jobTitleExact=Portfolio+Management+Group-Fixed+Income+Analyst&countryRedirect=true Affected Parameter: filter.jobTitleExact Browsers tested: Chrome, Firefox...