tsolucio / corebos

core Business Operating System. An OPEN SOURCE business application that helps small and medium businesses handle all the day-to-day tasks.
https://corebos.com

Bypass of length check in Add Folder feature leads to XSS vulnerability in module=evvtgendoc #1555

Closed Kubozz closed 1 year ago

Kubozz commented 1 year ago

I found a stored XSS on https://demo.corebos.com/index.php?action=index&module=evvtgendoc after using Add Folder. I reported it on huntr.dev, and I want to know if this bug has been fixed yet. Please help me review and publish the CVE. https://huntr.dev/bounties/a4d6a082-2ea8-49a5-8e48-6d39b5cc62e1/

joebordes commented 1 year ago

fixed: e87f77c64061b43186c80ad1b50d313c67d7f6cf