@XERXES-OG
Last active October 30, 2025 17:20
CVE-2025-60925
----------------------------------------------------------------------------------------------------------------------------------------
> [Suggested description] : codeshare v1.0.0 was discovered to contain an information leakage vulnerability: the WebSocket session for a pad replays the pad's full edit history, including text the user has already deleted.
> [Vulnerability Type] : Incorrect Access Control
> [Vendor of Product] : https://www.codeshare.io/
> [Affected Product Code Base] : https://www.codeshare.io - 1.0.0
> [Affected Component] : Accessing https://codeshare.io/<id> with any valid ID reveals the full WebSocket history, allowing retrieval of data even after it has been deleted by the user.
> [Attack Type] : Remote
> [Impact Information Disclosure] : true
> [Attack Vectors] : An attacker modifies the <id> parameter in the URL (https://codeshare.io/<id>) to open a text-sharing pad. Although deleted text is removed from the frontend, it remains stored on the backend and is replayed over the WebSocket connection when the pad is loaded. By capturing the WebSocket traffic with an intercepting proxy such as Burp Suite, the attacker can recover the deleted text from the WebSocket history. The attacker needs a valid pad ID; the advisory does not state whether IDs are guessable.
> [Reference] : https://medium.com/@ashutoshhwork/accessing-full-history-of-codeshare-io-users-432315083930
> https://drive.google.com/file/d/1GztqyUiYceLUncWHZ84c_WA9y59yL3B0/view?usp=sharing
> [Discoverer] : This vulnerability was discovered by Ashutosh Srivastava [ashutoshhwork@gmail.com]
----------------------------------------------------------------------------------------------------------------------------------------
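The attack vector above comes down to replaying an edit log. The script below is an added example, not code from the advisory or from codeshare.io: it takes a constructed list of WebSocket frames (the kind a tester would export from Burp's WebSockets history), replays them to rebuild the pad, and lists every deleted fragment that is no longer in the visible document. The JSON message schema (`op`, `pos`, `len`, `text`) and the secret in the sample are assumptions for illustration; codeshare's real protocol is not documented on this page. The last two functions contrast the leaky behaviour (sending the whole op log to a newly connected client) with a snapshot-only response that carries nothing the user has deleted.

```python
import json
from typing import List, Tuple

# Constructed sample of captured WebSocket frames (client/server edit ops).
# The op/pos/len/text schema is an ASSUMPTION for this example, not the
# real codeshare.io protocol. The "secret" is made up.
CAPTURED_FRAMES = [
    '{"op":"insert","pos":0,"text":"db_password=hunter2\\n"}',
    '{"op":"insert","pos":20,"text":"hello world"}',
    '{"op":"delete","pos":0,"len":20}',   # user deletes the secret line
    '{"op":"insert","pos":11,"text":"!"}',
]


def apply_op(doc: str, op: dict) -> Tuple[str, str]:
    """Apply one edit op to the document text.

    Returns (new_document, removed_text); removed_text is "" for inserts.
    """
    kind = op.get("op")
    if kind == "insert":
        pos = op["pos"]
        return doc[:pos] + op["text"] + doc[pos:], ""
    if kind == "delete":
        pos, length = op["pos"], op["len"]
        return doc[:pos] + doc[pos + length:], doc[pos:pos + length]
    raise ValueError(f"unknown op type {kind!r}")


def replay(frames: List[str]) -> Tuple[str, List[str]]:
    """Replay the captured op log; return the final text and all deleted text."""
    doc, removed = "", []
    for raw in frames:
        doc, gone = apply_op(doc, json.loads(raw))
        if gone:
            removed.append(gone)
    return doc, removed


def leaked_fragments(frames: List[str]) -> List[str]:
    """Deleted fragments that are absent from the final document.

    This is exactly what the frontend hides but the op log still exposes.
    """
    doc, removed = replay(frames)
    return [text for text in removed if text not in doc]


def history_replay_for_new_client(frames: List[str]) -> List[str]:
    """Leaky server behaviour: a new client receives the complete op log,
    deletions included, so it can recover everything ever typed."""
    return list(frames)


def snapshot_for_new_client(frames: List[str]) -> str:
    """Hardened alternative: send only the current text as a single snapshot,
    so deleted content never leaves the server."""
    doc, _ = replay(frames)
    return json.dumps({"op": "snapshot", "text": doc})


if __name__ == "__main__":
    final_text, _ = replay(CAPTURED_FRAMES)
    print("visible pad content:", repr(final_text))
    print("recovered from op log:", leaked_fragments(CAPTURED_FRAMES))
    print("snapshot sent to new client:", snapshot_for_new_client(CAPTURED_FRAMES))
```

Run it as-is to see the visible pad (`hello world!`) next to the deleted secret recovered from the log. In a real assessment, replace `CAPTURED_FRAMES` with the frames exported from the proxy once the pad's actual message format has been confirmed.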