Cross-site Scripting (XSS) - Reflected in tsolucio/corebos


Reported on

Dec 6th 2021


Please enter a description of the vulnerability. coreBOS is vulnerable to Reflected XSS via activitytype in index

Proof of Concept

1. After login, click poc url Activity Type

```
// PoC.js
```

Impact

This vulnerability is capable of...


We are processing your report and will contact the tsolucio/corebos team within 24 hours. a year ago
LoveCpp modified the report
a year ago
We have contacted a member of the tsolucio/corebos team and are waiting to hear back a year ago
Joe Bordes validated this vulnerability a year ago
LoveCpp has been awarded the disclosure bounty
The fix bounty is now up for grabs
a year ago


can you help me request cve?

Joe Bordes marked this as fixed in 8.0 with commit 66bcbd a year ago
Joe Bordes has been awarded the fix bounty
This vulnerability will not receive a CVE
a year ago


@admin now can you assign CVE?

Jamie Slome
a year ago


Hello 👋 @lovecppp

When our system doesn't automatically assign CVEs for reports, we must first ask the maintainer if they are happy for a CVE to be published.

@joebordes - can we go ahead and publish a CVE for this report?

a year ago


@joebordes hello, can you help me request cve?
