Author: Ishkur <fuxxx0rz [at] gmail com>
Impact: XSS and Cookie Alert
Patches: in development
Application: Obedit
Version: 3.03
Vendor: http://www.oblius.com/?projects.obedit
Description:
Obedit is a Flash-based rich text editor. It lets a user edit text much as in an office-like application, with simple editing features like bold, italic, justification, block indents, text color, font and size selection, links, bullets, background color, and spell checking.
Obedit is open to XSS and cookie alerts via the 'save' function.
Save a document with the code:
<script>javascript:alert("XSS");</script>
none as of yet