Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Valid

Reported on

Nov 3rd 2021

Description

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites

Proof of Concept

Step to Reproduce:

  1. Go to http://demo.corebos.com/index.php?module=Users&action=DetailView&record=1&modechk=prefview
  2. add the payload : "><script>alert(1)</script> on the Last Name placeholder and save.
  3. alert pops up !!

poc image: https://ibb.co/FHQNbx7

Impact

Stored xss

We are processing your report and will contact the tsolucio/corebos team within 24 hours. 2 years ago
We have contacted a member of the tsolucio/corebos team and are waiting to hear back 2 years ago
Joe Bordes validated this vulnerability 2 years ago
D3lT4 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Joe Bordes marked this as fixed with commit e9f1f4 2 years ago
Joe Bordes has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation