You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Under "Create job opening" in the menu "Track applications" change Mode to "use external link" and fill in e.g. javascript:alert('xss');"><script>alert('xss');</script><iframe src="https://www.yawik.org"><rel="
save
You will get to Javascript Messages "XSS" one from the preview and one from the "Track applications"-Menu.
The Iframe will be injected, too.
The text was updated successfully, but these errors were encountered:
It is possible to inject HTML/Javascript-Code like IFrames into a job offer.
Steps to reproduce:
javascript:alert('xss');"><script>alert('xss');</script><iframe src="https://www.yawik.org"><rel="
You will get to Javascript Messages "XSS" one from the preview and one from the "Track applications"-Menu.
![track-applications](https://user-images.githubusercontent.com/9078194/48441165-20b4f280-e78b-11e8-9db9-9c6285ba5923.PNG)
The Iframe will be injected, too.
The text was updated successfully, but these errors were encountered: