Cross-site Scripting (XSS) - Stored in tsolucio/corebos


Reported on

Nov 3rd 2021


Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites

Proof of Concept

Step to Reproduce:

  1. Go to
  2. add the payload : "><script>alert(1)</script> on the Last Name placeholder and save.
  3. alert pops up !!

poc image:


Stored xss

We are processing your report and will contact the tsolucio/corebos team within 24 hours. a year ago
We have contacted a member of the tsolucio/corebos team and are waiting to hear back a year ago
Joe Bordes validated this vulnerability a year ago
D3lT4 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Joe Bordes confirmed that a fix has been merged on e9f1f4 a year ago
Joe Bordes has been awarded the fix bounty
to join this conversation