Reports in glassdoor program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/ | $0.0 |
| 2 | 2FA bypass by sending blank code | $0.0 |
| 3 | Site wide CSRF affecting both job seeker and Employer account on glassdoor.com | $0.0 |
| 4 | Reflected XSS at https://www.glassdoor.com/ via the 'numSuggestions' parameter | $0.0 |
| 5 | IDOR Vulnerability in Job Preferences | $0.0 |
| 6 | Access to Glassdoor's Infra (AWS) and BitBucket account through leaked repo | $0.0 |
| 7 | XSS at https://www.glassdoor.com/Salary/* via filter.jobTitleExact | $0.0 |
| 8 | Dom XSS Rootkit on [https://www.glassdoor.com/] | $0.0 |
| 9 | [XSS] Reflected XSS via POST request in (editJobAlert.htm) file | $0.0 |
| 10 | HTML Injection in Glassdoor job sharing emails | $0.0 |
| 11 | CSRF in Demographic Settings with valid gdtoken of other account | $0.0 |
| 12 | Reflected XSS at https://www.glassdoor.co.in/Job/pratt-whitney-jobs-SRCH_KE0,13.htm?initiatedFromCountryPicker=true&countryRedirect=true | $0.0 |
| 13 | Reflected XSS at https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm via filter.jobTitleExact parameter | $0.0 |
| 14 | Reflected XSS at https://www.glassdoor.com/Interview/Accenturme-Interview-Questions-E9931.htm via filter.jobTitleFTS parameter | $0.0 |
| 15 | Reflected XSS at https://www.glassdoor.co.in/FAQ/Microsoft-Question-FAQ200086-E1651.htm?countryRedirect=true via PATH | $0.0 |
| 16 | web.xml configuration file disclosure | $0.0 |
| 17 | Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF | $0.0 |
| 18 | Reflected XSS on https://www.glassdoor.com/job-listing/spotlight | $0.0 |
| 19 | [https://www.glassdoor.com] - Web Cache Deception Leads to gdtoken Disclosure | $0.0 |
| 20 | CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com | $0.0 |
| 21 | Web Cache Poisoning leads to Stored XSS | $0.0 |
| 22 | Get all personal email IDs of Glassdoor users[No user interaction required] | $0.0 |
| 23 | Open redirect on https://www.glassdoor.com/profile/siwa.htm via state parameter | $0.0 |
| 24 | Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage | $0.0 |
| 25 | Reflected XSS on https://www.glassdoor.com/parts/header.htm | $0.0 |
| 26 | [CRITICAL] Full account takeover without user interaction on sign with Apple flow | $0.0 |
| 27 | XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution | $0.0 |
| 28 | Web Cache Poisoning leads to XSS and DoS | $0.0 |
| 29 | XSS in www.glassdoor.com | $0.0 |
| 30 | Cache Poisoning allows redirection on JS files | $0.0 |
| 31 | Unauthorized Access to Deleted Interviews on Glassdoor Platform | $0.0 |
| 32 | IDOR vulnerability on profile picture changing mechanism which discloses other user's profile picture. | $0.0 |
| 33 | Web Cache Deception | $0.0 |