Glassdoor - HackerOne Reports
Total Reports: 33
Critical: 3
High: 6
Medium: 17
Low: 6
Dom XSS Rootkit on [https://www.glassdoor.com/]
Reported by: 4peace | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
Reflected XSS at https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true via PATH
Reported by: n1xk_10 | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS at https://www.glassdoor.com/ via the 'numSuggestions' parameter
Reported by: l0cpd | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage
Reported by: 0x7 | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Web Cache Deception
Reported by: saboorhakimi | Disclosed:
Medium
Weakness: Information Disclosure
Reflected XSS at https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCH_KE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true
Reported by: n1xk_10 | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
XSS in www.glassdoor.com
Reported by: seifelsallamy | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Get all personal email IDs of Glassdoor users[No user interaction required]
Reported by: safehacker_2715 | Disclosed:
High
Weakness: Information Disclosure
Site wide CSRF affecting both job seeker and Employer account on glassdoor.com
Reported by: ta8ahi | Disclosed:
Critical
Weakness: Cross-Site Request Forgery (CSRF)
IDOR vulnerability on profile picture changing mechanism which discloses other user's profile picture.
Reported by: iohasib | Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
[CRITICAL] Full account takeover without user interaction on sign with Apple flow
Reported by: emanelyazji | Disclosed:
Critical
Weakness: Improper Authentication - Generic
web.xml configuration file disclosure
Reported by: deb0con | Disclosed:
Low
Weakness: Information Disclosure
Reflected XSS at https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm via filter.jobTitleExact parameter
Reported by: n1xk_10 | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected