Under "Create job opening" in the menu "Track applications" change Mode to "use external link" and fill in e.g. javascript:alert('xss');"><script>alert('xss');</script><iframe src="https://www.yawik.org"><rel="
save
You will get to Javascript Messages "XSS" one from the preview and one from the "Track applications"-Menu.
The Iframe will be injected, too.
It is possible to inject HTML/Javascript-Code like IFrames into a job offer.
Steps to reproduce:
javascript:alert('xss');"><script>alert('xss');</script><iframe src="https://www.yawik.org"><rel="
You will get to Javascript Messages "XSS" one from the preview and one from the "Track applications"-Menu.
The Iframe will be injected, too.