XSS within Atom

So not sure if this is a security bug or just how atom works. Also not sure how to correctly report it

Create a new file and add the following

error

https://blahwebsite.co.uk/admin/default?error=

Use the find function – CTRL + F

Search for something which is on the same line as the XSS code – for example error

Click back on the main window of text document then to trigger the payload do CTRL + F again

The XSS payload has been executed

Confirmed payloads to work

<script/v>confirm(/@test/)

1 Like

just realized had everything stripped out my post.

For anyone following along, issue was opened here:

And it seems like the behavior is related to a community package because it’s not reproducible in safe mode.