Cross-site Scripting (XSS) - Stored in tsolucio/corebosValid
Nov 3rd 2021
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites
Proof of Concept
Step to Reproduce:
- Go to http://demo.corebos.com/index.php?module=Users&action=DetailView&record=1&modechk=prefview
- add the payload : "><script>alert(1)</script> on the Last Name placeholder and save.
- alert pops up !!
poc image: https://ibb.co/FHQNbx7