Godaddy's Workspace 5.3 Cross Site Scripting

2010-12-12T00:00:00
ID PACKETSTORM:96655
Type packetstorm
Reporter Elvenking
Modified 2010-12-12T00:00:00

Description

                                        
                                            `Godaddy´s Workspace 5.3 XSS   
  
  
Explanation:   
The javascript for special caracter filtering provided in email13.secureserver.net can be use to create a XSS attack, if we edit the content of an email and put <iframe src="javascript:alert("XSS");"></iframe> this will be filtered and scramble, making the XSS impossible, BUT, if we write <iframe src="javascript:alert("XSS");"></iframe> we will bypass the XSS filter.   
  
by Elvenking   
`