Glassdoor: [https://www.glassdoor.com] - Web Cache Deception Leads to gdtoken Disclosure

A web cache deception issue was reported by @bombon For the exploit to trigger, the victim must be logged-in to Glassdoor and must also visit an attacker-controlled page that makes the victim hit the caching page, programmatically fetch the cached CSRF token gdToken, and forge and send a request ...