XSS via file name - https://sms.indeed.com/signup/signage-details/

Disclosed by
CGuillaume's avatar
CGuillaume
  • Engagement Indeed
  • Disclosed date almost 3 years ago
  • Reward $100
  • Priority P4 Bugcrowd's VRT priority rating
  • Status Resolved This vulnerability has been accepted and fixed
Summary by CGuillaume

XSS via file name - https://sms.indeed.com/signup/signage-details/

Activity
  1. Kyle_indeed’s avatar
    Kyle_indeed Customer published the disclosure report

    ()

  2. Kyle_indeed’s avatar
    Kyle_indeed Customer changed the state to Resolved

    ()

  3. CGuillaume’s avatar
    CGuillaume requested disclosure

    ()

  4. cliff_bugcrowd’s avatarbugcrowd logo
    cliff_bugcrowd updated the submission

    ()

  5. r_indeed’s avatar
    r_indeed Customer changed the state to Unresolved

    ()

  6. r_indeed’s avatar
    r_indeed Customer rewarded CGuillaume 5 points

    ()

  7. r_indeed’s avatar
    r_indeed Customer rewarded CGuillaume $100

    ()

  8. r_indeed’s avatar
    r_indeed Customer sent a message

    ()

  9. cliff_bugcrowd’s avatarbugcrowd logo
    cliff_bugcrowd sent a message

    ()

  10. cliff_bugcrowd’s avatarbugcrowd logo
    cliff_bugcrowd changed the state to Triaged

    ()

  11. cliff_bugcrowd’s avatarbugcrowd logo
    cliff_bugcrowd changed the severity to P4

    ()

  12. CGuillaume’s avatar
    CGuillaume created the submission

    ()