Glassdoor: Full account takeover without user Interaction

A vulnerability in the email verification process allowed bypassing of email validation checks. An attacker could manipulate the API response to change the isValidated parameter, enabling registration of accounts with unregistered email addresses and verification without legitimate access to the...