You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 8, 2023. It is now read-only.
You should check the last two opened issues, they go into major detail about the above XSS vuls in Codiad. Almost every component is vulnerable to it, and most importantly the file manager. IIRC You can name a file to install evil script and then an admin account who looks at the folder will cause all sorts of bad stuff.
Nice catch though, I didn't notice it much when I forked Codiad
#1122 reported XSS vulnerability in file controller.php and I report XSS vulnerabilities in two dialog.php. I think they are different things.
I cannot see the contents in #1131 and have no idea of their discovery. Here I post two PoCs to demonstrate the XSS vuls confirmed by me.
Yes, if that's what you want to do, but you may as well start opening XSS issues for every single file in Codiad. The method by which Codiad handles sending data is inherently vulnerable, which is what #1122 is demonstrating.
Hi, I found multiple XSS vulnerabilities in Codiad-2.8.4.
Detail:
parameter: ?action=projects&username=<script>alert(1)</script>
parameter: action=confirm&path=<script>alert(1)</script>
The text was updated successfully, but these errors were encountered: