Godaddy Workspace Cross Site Scripting Exploit

Godaddy Workspace XSS – Who’s your Daddy ?

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy workspace web interface, an attacker can acquire a your session information and log to the account with no credentials. All Godaddy workspace users, ph33r. Wait, didn’t we have a demo just like this in CTP ?

Will be interesting to see how long it takes Godaddy to fix this issue. Check out the PoC movie:

~~You can download the original Godaddy Cross Site Scripting Exploit movie from our archive~~.

Stay in the know: Become an OffSec Insider

Get the latest updates about resources, events & promotions from OffSec!

Latest from OffSec

Research & Tutorials

CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro

An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access.

Jun 5, 2025

2 min read

Insights

OffSec’s Take on the Global Generative AI Adoption Index

Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.

May 30, 2025

3 min read

Research & Tutorials

CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters

A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint.

May 29, 2025