
33 matches found

Wired Threat Level
added 2024/03/20 9:0 a.m., 13 views

Glassdoor Wants to Know Your Real Name

Anonymous, candid reviews made Glassdoor a powerful place to research potential employers. A policy shift requiring users to privately verify their real names is raising privacy concerns...

7.1 AI score
Exploits: 0
Hacker One
added 2023/10/16 9:6 p.m., 33 views

Glassdoor: Unauthorized Access to Deleted Interviews on Glassdoor Platform

Unauthorized access to deleted interviews on a career platform was possible through an RSS endpoint that has since been deprecated...

7 AI score
Exploits: 0
Hacker One
added 2023/06/14 1:20 a.m., 7 views

Glassdoor: IDOR vulnerability on profile picture changing mechanism which discloses other user's profile picture.

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2022/12/07 12:38 a.m., 42 views

Glassdoor: Cache Poisoning allows redirection on JS files

A cache poisoning vulnerability was discovered in Glassdoor's design website. By sending a specific request, an attacker could redirect the /test.js file to a malicious website. This could potentially lead to a stored cross-site scripting (XSS) attack if other Glassdoor websites import javascript...

5.7 AI score
Exploits: 0
Hacker One
added 2022/09/09 12:15 p.m., 34 views

Glassdoor: XSS in www.glassdoor.com

Summary: Browser: Chrome Affected URL https://www.glassdoor.com/Location/All-Tesla-Office-Locations-E43129.htm?DIFFICULT=%3E%3Csvg%20onload%3d%26%23x00000000061;%26%23x0000000006c%26%23x0000000065%26%23x0000000072%26%23x000000000741%26%230000000000000041;%20%3C%2fscript%20 Steps To Reproduce: 1. ...

1.6 AI score
Exploits: 0
Hacker One
added 2021/09/18 1:27 a.m., 20 views

Glassdoor: [https://www.glassdoor.com] - Web Cache Deception Leads to gdtoken Disclosure

A web cache deception issue was reported by @bombon. For the exploit to trigger, the victim must be logged-in to Glassdoor and must also visit an attacker-controlled page that makes the victim hit the caching page, programmatically fetch the cached CSRF token gdToken, and forge and send a request ...

7.1 AI score
Exploits: 0
Hacker One
added 2021/07/16 1:21 p.m., 134 views

Glassdoor: Reflected XSS on https://www.glassdoor.com/job-listing/spotlight

Summary: The application is vulnerable to reflected cross-site scripting attacks on the /job-listing/spotlight URI in the callback parameter. Affected URL or select Asset from In-Scope: https://www.glassdoor.com/job-listing/spotlight Affected Parameter: callback Vulnerability Type: see list below...

1 AI score
Exploits: 0
Hacker One
added 2021/06/25 10:1 a.m., 92 views

Glassdoor: Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF

Hi there, I have found the XSS vulnerability at: https://help.glassdoor.com/GD_HC_EmbeddedChatVF Browsers tested: Firefox, Chrome, Edge latest version Steps To Reproduce: Go to: https://help.glassdoor.com/GD_HC_EmbeddedChatVF?FirstName=l0cpd%22;a=alert,b=document.domain,ab// Supporting...

1.5 AI score
Exploits: 0
Hacker One
added 2021/02/06 2:55 p.m., 10 views

Glassdoor: Open redirect on https://www.glassdoor.com/profile/siwa.htm via state parameter

An open redirect was found at https://www.glassdoor.com/profile/siwa.htm due to improper validation of the state parameter. Thanks, @0x7 for finding this and reporting this to us and looking forward to more reports from you...

0.6 AI score
Exploits: 0
Hacker One
added 2021/02/03 7:24 p.m., 31 views

Glassdoor: Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage

The endpoint at help.glassdoor.com/gd_requestsubmitpage suffers from a Cross-Site Scripting vulnerability via the lang parameter. Thanks, @0x7 for finding and reporting this to us. Looking forward to more reports from you...

1.4 AI score
Exploits: 0
Hacker One
added 2021/01/07 6:53 p.m., 13 views

Glassdoor: Reflected XSS on https://www.glassdoor.com/parts/header.htm

Reflected XSS was reported on https://www.glassdoor.com/parts/header.htm via the nonce parameter. Thanks, @0x7 for reporting the finding and also reporting additional endpoints affected by this - added a bonus for reporting those additional endpoints and also for your collaboration with us in the...

0.3 AI score
Exploits: 0
Hacker One
added 2020/12/29 7:46 p.m., 14 views

Glassdoor: Dom XSS Rootkit on [https://www.glassdoor.com/]

The report was vulnerable to DOM-based XSS via sc.keyword on https://www.glassdoor.com/Job/jobs.htm?sc.keyword=test and got resolved by another report 1064892. Thanks, @4peace for your submission...

0.3 AI score
Exploits: 0
Hacker One
added 2020/11/24 2:25 p.m., 134 views

Glassdoor: Reflected XSS at https://www.glassdoor.com/ via the 'numSuggestions' parameter

Hi there, I have found the XSS vulnerability at: https://www.glassdoor.com/ via parameter: numSuggestions Summary: Affected Parameter: numSuggestions Browsers tested: Firefox, Chrome, Edge latest version Steps To Reproduce: Go to:...

2.8 AI score
Exploits: 0
Hacker One
added 2020/10/22 12:31 p.m., 20 views

Glassdoor: Reflected XSS at https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true via PATH

Summary: The endpoint https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true is vulnerable to reflected XSS. Injecting any input in path will be reflected back without any sanitisation. Affected URL or select Asset from In-Scope:...

0.2 AI score
Exploits: 0
Hacker One
added 2020/10/01 2:37 p.m., 24 views

Glassdoor: Reflected XSS at https://www.glassdoor.com/Interview/Accenturme-Interview-Questions-E9931.htm via filter.jobTitleFTS parameter

The endpoint https://www.glassdoor.com/Interview/Accenturme-Interview-Questions-E9931.htm is vulnerable to reflected XSS. Affected Parameter: filter.jobTitleFTS Browsers tested: Chrome, Firefox Payload:...

0.5 AI score
Exploits: 0
Hacker One
added 2020/08/31 2:47 p.m., 14 views

Glassdoor: Reflected XSS at https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCH_KE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true

Summary: There is a reflected XSS vulnerability in https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCH_KE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true Vulnerability Type: Reflected XSS Browsers tested: Chrome, Firefox Payload:...

0.7 AI score
Exploits: 0
Hacker One
added 2020/08/25 8:52 a.m., 32 views

Glassdoor: Reflected XSS at https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm via filter.jobTitleExact parameter

Summary: There is a reflected XSS vulnerability in https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm?filter.jobTitleExact=Portfolio+Management+Group-Fixed+Income+Analyst&countryRedirect=true Affected Parameter: filter.jobTitleExact Browsers tested: Chrome, Firefox...

1.2 AI score
Exploits: 0
Hacker One
added 2020/06/13 8:41 a.m., 246 views

Glassdoor: 2FA bypass by sending blank code

Summary: █████████. This is a failure in null check of the entered code. In simple terms, the 2FA while logging in can be bypassed by sending a blank code. This could be because of incorrect comparison of entered code with true code. A pre-validation may be null check before comparing the codes...

7.3 AI score
Exploits: 0
Hacker One
added 2020/04/10 10:16 a.m., 591 views

Glassdoor: Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/

Summary: There is a reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/ through the utmsource parameter. By using URL encoding I was able to bypass the WAF. Affected URL or select Asset from In-Scope: https://www.glassdoor.com/ Affected Parameter: utmsource Vulnerability Type: XSS...

1.2 AI score
Exploits: 0
Hacker One
added 2020/04/07 12:18 a.m., 18 views

Glassdoor: HTML Injection in Glassdoor job sharing emails

HTML injection possibility within the "fromEmail" field of the email template going out from [email protected]. This report was a duplicate of 824165 which should've resolved this issue. Thanks @jackb898 for your report and looking forward to more findings from you...

0.2 AI score
Exploits: 0