LocalTapiola: XSS on 3rd party service Localtapiola is using

Basic report information Summary: Localtapiola is using careers.fi service to job applicants at http://www.lahitapiola.fi/tietoa-lahitapiolasta/toihin-meille/avoimet-tyopaikat/haemme-juuri-nyt Description: XSS on 3rd party careers.fi job service which may lead loss of personal data for the...

careers.fi XSS vulnerability

Vulnerable URL: http://careers.fi/tapiola/careers.cgi?r=%27%3E%3Csvg/onload=alert%27OPENBUGBOUNTY%27%3E// Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 351922 VIP website status:|...