Godaddy Workspace XSS – Who’s your Daddy ?

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

OffSec Team

1 min read

In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy workspace web interface, an attacker can acquire a your session information and log to the account with no credentials. All Godaddy workspace users, ph33r. Wait, didn’t we have a demo just like this in CTP ?

Will be interesting to see how long it takes Godaddy to fix this issue. Check out the PoC movie:

~~You can download the original Godaddy Cross Site Scripting Exploit movie from our archive~~.

Stay in the know: Become an OffSec Insider

Get the latest updates about resources, events & promotions from OffSec!

Latest from OffSec

Research & Tutorials

CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation

Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.

Apr 23, 2025

3 min read

Research & Tutorials

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.

Apr 17, 2025

2 min read

Enterprise Security

How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience

Champion OSCP training in your organization to build a unified, resilient security team.

Apr 11, 2025

6 min read

View all blogs

New course! SJD-100: Secure Java Development Essentials