This could be used to trick innocent users applying to a job on a big company (Jobs.cz customers). When they're clicking on the Apply they could been victims of, for example, redirections to malware sites or drive by downloads.
Proof of concept:
http://xxxxxxx.jobs.cz/lang/577198204/xxxxxxxx?brand=g2&exportRCM=43374188&trackingBrand=unknown';alert("xss by @dsopas");//&rps=186&ep=
Keep in mind that Jobs.cz have many important clients like Accenture, KPMG, DHL, ŠKODA AUTO, Telefónica, T-Mobile, BOSCH Group, GE Money, Vodafone, Ernst & Young, SIEMENS, Avast and many others.
I would like to thank the Jobs.cz security team for keeping me updated and providing a solution to this issue very fast. It's always glad to see companies that care about security and appreciate help from outsiders.
23 Apr 2013: Reported to Jobs.cz
24 Apr 2013: First contact with Jobs.cz technical support
25 Apr 2013: Update from Jobs.cz security team
13 May 2013: Patched
13 Jun 2013: Full disclosure