CVE-2013-7257 – Codiad 2.0.7 Persistent XSS

About the software

Codiad is a web-based IDE framework with a small footprint and minimal requirements (demo).

Vulnerability Details

Project Zero Labs identified a stored (persistent) cross site scripting vulnerability in the “Project Name” field. For example if we insert:

<script>alert("XSS Found!");</script>

as the project name a popup alert will appear every time we trigger the Project Menu or the Codiad loads the Project. An attacker can inject malicious code that will be executed on the victim’s browser. The vulnerability has already reported to the development team via GitHub.

Report & Proof Of Concept

A detailed report with screenshots as Proof Of Concept can be found in the software’s bug tracker

Payload

<script>alert("XSS Found!");</script>

Severity

Medium

Author

Filippos Mastrogiannis

External Links

CVE
NVD
≈ Packet Storm

Comments are closed.