Cross-site Scripting (XSS) - Stored in tsolucio/corebos


Reported on

Nov 3rd 2021


Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites

Proof of Concept

Step to Reproduce:

  1. Go to
  2. add the payload : "><script>alert(1)</script> on the Last Name placeholder and save.
  3. alert pops up !!

poc image:


Stored xss

We are processing your report and will contact the tsolucio/corebos team within 24 hours. 2 years ago
We have contacted a member of the tsolucio/corebos team and are waiting to hear back 2 years ago
Joe Bordes validated this vulnerability 2 years ago
D3lT4 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Joe Bordes marked this as fixed with commit e9f1f4 2 years ago
Joe Bordes has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation