Stored XSS in tsolucio/corebos


Reported on

Apr 24th 2023


I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible.

Proof of Concept

link video PoC


1.Go to my preferences and edit

2.Edit email and press save --> intercept burp

3.Add this line to the email in burp and press forward


4.Turn off intercept in burp and go back to my preferences click on email to compose message

I see that the code that I added to the email has been executed


(1) It enables intruders to manipulate background data maliciously, including reading, changing, adding and deleting some information.

(2) Stealing users' personal information or login accounts will pose a huge threat to the user security of the website.

(3) First, embed the malicious attack code into the Web application. When the user browses the hanging horse page, the user's computer will be implanted with a Trojan horse.

(4) Send advertisements or spam messages. Attackers can use XSS vulnerabilities to plant advertisements or send spam, seriously affecting the normal use of users.

We are processing your report and will contact the tsolucio/corebos team within 24 hours. 5 months ago
H4ck3r Kh0ỏng
5 months ago


user can insert xss code into their gmail to hijack admin session cookie when admin click send mail to that user

We have contacted a member of the tsolucio/corebos team and are waiting to hear back 5 months ago
H4ck3r Kh0ỏng modified the report
5 months ago
H4ck3r Kh0ỏng
5 months ago


@admin It's been almost 2 weeks but haven't received any knowledge from tsolucio team. Can you try contacting other members from the group?

Ben Harvie
4 months ago


Hey @H4ck3r, this is as far as our outreach attempts go at the moment. Feel free to try and contact the maintainer directly yourself to see if you can get their attention to your report. Thanks!

H4ck3r Kh0ỏng
4 months ago


@joebordes Any new updates?

Joe Bordes validated this vulnerability 4 months ago
H4ck3r Kh0ỏng has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Joe Bordes marked this as fixed in 8 with commit b3a7a2 4 months ago
Joe Bordes has been awarded the fix bounty
This vulnerability has been assigned a CVE
Joe Bordes published this vulnerability 4 months ago
to join this conversation