Bypassing the length check in the Add Folder feature leads to XSS in module=evvtgendoc in tsolucio/corebos


Reported on Apr 2nd 2023


I found Stored XSS after I added a folder.

Proof of Concept

Step 1: Go to the Documents function, click Add Folder.
Step 2: Intercept the request with Burp Suite and then insert an XSS payload.
Step 3: Go to, choose Quick Create.
Step 4: I successfully triggered the XSS.

Video PoC here:


An attacker can execute JavaScript code on users who open the link. If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
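The defensive side of the report above, as an added example that is not part of the original report and is not coreBOS code: the length limit is enforced on the server, since an intercepting proxy never runs the form's own check, and the stored name is HTML-encoded when rendered. The function names, the limit of 20 characters and the `<option>` rendering are assumptions made for illustration; the code needs PHP's mbstring extension.

```php
<?php
declare(strict_types=1);

// Assumption: constructed limit, not coreBOS's actual setting.
const FOLDER_NAME_MAX = 20;

/**
 * Validate a folder name on the server and return the trimmed name.
 * Hypothetical helper, not a coreBOS function.
 */
function validateFolderName(string $raw): string
{
    $name = trim($raw);
    if ($name === '' || !mb_check_encoding($name, 'UTF-8')) {
        throw new InvalidArgumentException('Folder name is empty or not valid UTF-8');
    }
    // Re-check the limit here: a request edited in a proxy skips the browser-side check.
    if (mb_strlen($name, 'UTF-8') > FOLDER_NAME_MAX) {
        throw new InvalidArgumentException('Folder name too long');
    }
    return $name;
}

/** Encode at output time so a stored name is rendered as text, never as markup. */
function renderFolderOption(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<option value="' . $safe . '">' . $safe . '</option>';
}

// Constructed sample inputs: a normal name, an over-long name,
// and a short name containing markup characters.
$samples = ['Invoices 2023', str_repeat('A', 64), '<b>Q1</b>'];
foreach ($samples as $raw) {
    try {
        $name = validateFolderName($raw);
        echo 'stored:   ', renderFolderOption($name), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The third sample passes the length check and is still harmless once rendered, which shows why the length limit alone is not the XSS control: the encoding at output is.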

We are processing your report and will contact the tsolucio/corebos team within 24 hours. (6 months ago)
We have contacted a member of the tsolucio/corebos team and are waiting to hear back. (6 months ago)
6 months ago


Hi Team member!

I want to know if this bug has been fixed yet. Please help me review and publish the CVE.

Joe Bordes validated this vulnerability 4 months ago
kubozz has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Joe Bordes marked this as fixed in 8 with commit e87f77 4 months ago
Joe Bordes has been awarded the fix bounty
This vulnerability has been assigned a CVE
Joe Bordes published this vulnerability 4 months ago