Glassdoor


10 total issues disclosed

$9,450 total paid publicly


Most disclosed (4 disclosures) — Cross-site Scripting (XSS) - Reflected




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com | None supplied | zonduu | Low | 2021-12-02 |
| [https://www.glassdoor.com] - Web Cache Deception Leads to gdtoken Disclosure | Information Disclosure | bombon | High | 2021-11-30 |
| Reflected XSS on https://www.glassdoor.com/job-listing/spotlight | Cross-site Scripting (XSS) - Reflected | vestige23 | Medium | 2021-08-19 |
| Reflected XSS on https://help.glassdoor.com/GD_HC_EmbeddedChatVF | Cross-site Scripting (XSS) - Reflected | l0cpd | Medium | 2021-07-01 |
| web.xml configuration file disclosure | Information Disclosure | koaladev | Low | 2021-04-16 |
| [XSS] Reflected XSS via POST request in (editJobAlert.htm) file | Cross-site Scripting (XSS) - Reflected | flex0geek | Medium | 2021-04-16 |
| XSS at https://www.glassdoor.com/Salary/* via filter.jobTitleExact | Cross-site Scripting (XSS) - Generic | bendtheory | Medium | 2021-04-09 |
| Site wide CSRF affecting both job seeker and Employer account on glassdoor.com | Cross-Site Request Forgery (CSRF) | ta8ahi | Critical | 2020-12-10 |
| 2FA bypass by sending blank code | Improper Authentication - Generic | safehacker_27 | High | 2020-07-02 |
| Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/ | Cross-site Scripting (XSS) - Reflected | parzel | Medium | 2020-05-22 |