Bypassing the length check in the Add Folder feature leads to XSS in module=evvtgendoc in tsolucio/corebos

Valid

Reported on

Apr 2nd 2023


Description

I found a stored XSS on https://demo.corebos.com/index.php?action=index&module=evvtgendoc after I used Add Folder.

Proof of Concept

Step 1: Go to the Documents function at https://demo.corebos.com/index.php?action=index&module=Documents and click Add Folder.
Step 2: Intercept the request with Burp Suite and insert an XSS payload.
Step 3: Go to https://demo.corebos.com/index.php?action=index&module=evvtgendoc and choose Quick Create.
Step 4: I successfully triggered the XSS.

Video PoC here: https://drive.google.com/file/d/1tDPuPIUGYTldWxiexcHDaueetxz6TIuu/view?usp=sharing

Impact

Attacker can execute JavaScript code on users who open the link. If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
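
Added example, not part of the original report and not the coreBOS fix from commit e87f77: a server-side length check that a proxy-edited request cannot skip, combined with HTML encoding when the stored folder name is rendered. The limit of 20 characters, the function names, and the rendering of folders as `<option>` elements are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed limit; the report does not state the length the form enforces.
const FOLDER_NAME_MAX = 20;

// Hypothetical server-side check: it runs on every request, so changing
// the request after the browser-side check has passed does not bypass it.
function validateFolderName(string $raw): string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > FOLDER_NAME_MAX) {
        throw new InvalidArgumentException('folder name must be 1-' . FOLDER_NAME_MAX . ' characters');
    }
    return $name;
}

// Encode for HTML text and quoted-attribute contexts at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed rendering: stored folder names listed in a <select>.
function renderFolderOptions(array $folders): string
{
    $html = '';
    foreach ($folders as $id => $name) {
        $html .= sprintf('<option value="%d">%s</option>', $id, h($name)) . "\n";
    }
    return $html;
}

// Constructed sample input: a normal name, a short name containing markup,
// and an over-length name as a modified request could submit it.
$submitted = ['Invoices', '<b>Reports</b>', str_repeat('A', 64)];
$stored = [];
foreach ($submitted as $i => $raw) {
    try {
        $stored[$i + 1] = validateFolderName($raw);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
echo renderFolderOptions($stored);
```

The second sample name is within the length limit, so only the output encoding keeps its markup from being interpreted; the length check alone does not prevent stored XSS.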

We are processing your report and will contact the tsolucio/corebos team within 24 hours. 6 months ago
We have contacted a member of the tsolucio/corebos team and are waiting to hear back 6 months ago
kubozz
6 months ago

Researcher


Hi team member!

I want to know if this bug has been fixed yet. Please help me review and publish the CVE.

Joe Bordes validated this vulnerability 4 months ago
kubozz has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Joe Bordes marked this as fixed in 8 with commit e87f77 4 months ago
Joe Bordes has been awarded the fix bounty
This vulnerability has been assigned a CVE
Joe Bordes published this vulnerability 4 months ago