Cross-site Scripting (XSS) - Reflected in tsolucio/corebos


Reported on

Oct 31st 2021


Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept.

// PoC.js
Link -->

Vulnerable parameter --> forrecord


This vulnerability is capable of claiming other users' cookies and performing other advanced scenarios. Account takeover is possible in this case.

Joe Bordes validated this vulnerability 2 years ago
0x9x has been awarded the disclosure bounty
The fix bounty is now up for grabs
2 years ago


Thanks for your help too!

Joe Bordes marked this as fixed with commit dcd094 2 years ago
Joe Bordes has been awarded the fix bounty
This vulnerability will not receive a CVE