
Obedit v3.03 XSS



XSS on Obedit v3.03



==============================================
Obedit v3.03 - XSS Vuln.
==============================================
Author: Ishkur 
Impact: XSS and Cookie Alert
Patches: in development

-------------------------------------------
Affected Software Description:
-------------------------------------------

Application: Obedit
Version: 3.03
Vendor: http://www.oblius.com/?projects.obedit 

Description:
Obedit is a Flash-based rich text editor. It lets a user edit text much as in an office-like application, with simple editing features such as bold, italic, justification, block indents, text color, font and size selection, links, bullets, background color, and spell checking.

--------------------
Vulns:
--------------------

The 'save' function is open to XSS and cookie alerts.


--------------------
PoC Exploit:
--------------------

save a document with the code:



-------------------
Solution:
-------------------

none as of yet



