Reflected XSS via "stufftype" parameter in tsolucio/corebos
Aug 22nd 2022
The value for the
- Windows OS
- Firefox Browser
Proof of Concept
- Hover over the
Refreshicon displayed in the page to execute the payload.
The attacks commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.