Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

[careers.informatica.com] XSS on "isJTN"

High
I
Informatica
Submitted None
Actions:
View on HackerOne
Reported by huntertxt

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Generic
hi , i found XSS bug on parameter "isJTN=" at careers.informatica.com give you ability to run java script code tested on firefox 50.0.2 also on old version of google chrome in the last version , but if try this bug in chrome last version you will got a source code displayed on page with out run cuz security protected stop XSS code * POC used payload : </ScrIpt><SCRIPT>+alert("X");</SCRIPT> https://careers.informatica.com/apply?applySource=Quick%20Apply&isJTN=</ScrIpt><SCRIPT>+alert("X");</SCRIPT>true&isQuickApply=false are this eligible for swag !? cheer

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-site Scripting (XSS) - Generic