
Obedit v3.03 XSS



==============================================
Obedit v3.03 - XSS Vuln.
==============================================
Author: Ishkur 
Impact: XSS and Cookie Alert
Patches: in development

-------------------------------------------
Affected Software Description:
-------------------------------------------

Application: Obedit
Version: 3.03
Vendor: http://www.oblius.com/?projects.obedit 

Description:
Obedit is a Flash-based rich text editor. It allows a user to edit text much as in an office-like application, with simple editing features such as bold, italic, justification, block indents, text color, font and size selection, links, bullets, background color, and spell checking.

--------------------
Vulns:
--------------------

Obedit is open to XSS and cookie alerts via the 'save' function.


--------------------
PoC Exploit:
--------------------

save a document with the code:



-------------------
Solution:
-------------------

none as of yet



