Godaddy Workspace Cross Site Scripting Exploit

Godaddy Workspace XSS – Who’s your Daddy ?

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy workspace web interface, an attacker can acquire a your session information and log to the account with no credentials. All Godaddy workspace users, ph33r. Wait, didn’t we have a demo just like this in CTP ?

Will be interesting to see how long it takes Godaddy to fix this issue. Check out the PoC movie:

~~You can download the original Godaddy Cross Site Scripting Exploit movie from our archive~~.

Stay in the know: Become an OffSec Insider

Get the latest updates about resources, events & promotions from OffSec!

Latest from OffSec

Research & Tutorials

CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection

Discover details about CVE-2025-29306, a critical RCE vulnerability in FoxCMS 1.2.5. Learn how unsafe use of PHP’s unserialize() function enables remote attackers to execute arbitrary system commands.

Jul 3, 2025

2 min read

Research & Tutorials

CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php

Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.

Jun 26, 2025

2 min read

OffSec News

What It Really Means to “Try Harder”

Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.

Jun 23, 2025

7 min read

View all blogs