Cross-site Scripting (XSS) - Reflected in tsolucio/corebos


Reported on

Oct 31st 2021


Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept.

// PoC.js
Link -->

Vulnerable parameter --> forrecord


This vulnerability is capable of claiming other users' cookies and performing other advanced scenarios. Account takeover is possible in this case.

Joe Bordes validated this vulnerability a month ago
0x9x has been awarded the disclosure bounty
The fix bounty is now up for grabs


Thanks for your help too!

Joe Bordes confirmed that a fix has been merged on dcd094 a month ago
Joe Bordes has been awarded the fix bounty