Search This Blog

Powered by Blogger.

Blog Archive

Labels

Non Persistent Cross Site scripting vulnerability in Monster India, Gulf and Hong Kong

A security Researcher Shikhil Sharma has identified a Non persistent Cross Site scripting vulnerability in one of the Leading online jobs search portal, Monster.

A security Researcher Shikhil Sharma has identified a Non persistent Cross Site scripting vulnerability in one of the Leading online jobs search portal, Monster.

Monster is the largest job search engine in the world. Monster has over a million job postings at any time and over 1 million resumes, in the database (2008) and over 63 million job seekers per month. The company employs approximately 5,000 employees in 36 countries.

The Job search field in the Monster India website(jobsearch.monsterindia.com) is found to be vulnerable to the XSS injection.


POC:
http://jobsearch.monsterindia.com/searchresult.html?fts='/><script>alert('E+Hacking+News')</script>&x=0&y=0&mne=&mxe=
The same vulnerability affects the Hong Kong(jobsearch.monster.com.hk) and Gulf(jobsearch.monstergulf.com) branch of the Monster job portal.
Share it:

Breaking News

Hacking News

IT Security News

Non Persistent XSS

Vulnerability

XSS Vulnerability