Cross site scripting on contact module in tsolucio/corebos
Mar 24th 2023
Steps to reproduce
- Open https://demo.corebos.com and navigate to Settings > Users.
- Add XSS payload into Entity Name.
- Now navigate to contact > Create contact > Add contact and click on more information > click add opportunity.
- In the "Assign to" drop-down menu, select the XSS payload and save.
"><img src=x onerror=alert(1)>
XSS can cause a variety of problems for the end user, ranging in severity from an annoyance to complete account compromise.
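
The report does not show where the stored user name ends up in the page. The following added example (not coreBOS code and not part of the original report) assumes it is written without encoding into the "Assign to" dropdown markup, and puts that rendering next to an output-encoded one with a check that can serve as a regression test. The function names, the `assigned_to` field name and the sample users are hypothetical.

```javascript
// Added illustration, not coreBOS code. All names here are hypothetical.
const PAYLOAD = '"><img src=x onerror=alert(1)>'; // the payload quoted in the report

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Before: the stored name is concatenated into the markup as-is, so a quote
// and an angle bracket in the name close the attribute and the tag.
function renderAssignToUnsafe(users) {
  const options = users.map(
    (u) => `<option value="${u.id}" title="${u.name}">${u.name}</option>`
  );
  return `<select name="assigned_to">${options.join('')}</select>`;
}

// After: every stored value is encoded at the point of output.
function renderAssignToSafe(users) {
  const options = users.map((u) => {
    const name = escapeHtml(u.name);
    return `<option value="${escapeHtml(u.id)}" title="${name}">${name}</option>`;
  });
  return `<select name="assigned_to">${options.join('')}</select>`;
}

// Regression check: list tag names in the rendered HTML that do not belong
// to a plain dropdown. An empty result means no markup was injected.
function unexpectedTags(html) {
  const allowed = new Set(['select', 'option']);
  const found = [];
  for (const m of html.matchAll(/<\s*\/?\s*([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!allowed.has(tag) && !found.includes(tag)) found.push(tag);
  }
  return found;
}

// Constructed sample data: one ordinary user and one whose name is the payload.
const users = [{ id: 1, name: 'admin' }, { id: 2, name: PAYLOAD }];
console.log('unsafe render, unexpected tags:', unexpectedTags(renderAssignToUnsafe(users)));
console.log('safe render, unexpected tags:  ', unexpectedTags(renderAssignToSafe(users)));
```

Encoding at output covers every place the name is displayed, which input filtering on the Users form alone would not.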