Advisories

XSS in Laundry allows to perform an Account Takeover

5.1

Medium

Discovered by 

Carlos Bello

Carlos Bello

Offensive Team, Fluid Attacks

Summary

Full name

XSS in Laundry 2.3.0 allows to perform an account takeover

Code name

winehouse

State

Public

Release date

Jul 2, 2025

Affected product

Laundry

Affected version(s)

Version 2.3.0

Vulnerability name

Reflected cross-site scripting (XSS)

Vulnerability type

008. Reflected cross-site scripting (XSS)

Remotely exploitable

Yes

CVSS v4.0 vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

CVSS v4.0 base score

5.1

Exploit available

Yes

CVE ID(s)

CVE-2025-52842

Description

Laundry version 2.3.0 allows to perform an account takeover. This is possible because the application is vulnerable to XSS.

Vulnerability

An XSS vulnerability has been identified in laundry. This allows an account takeover to be performed on any user accessing a malicious link.

Exploit

Evidence of exploitation
Our security policy
We have reserved the ID CVE-2025-52842 to refer to this issue from now on.
  1. https://fluidattacks.com/advisories/policy/
System Information
  1. Version: laundry 2.3.0
  2. Operating System: MacOS
Mitigation
There is currently no patch available for this vulnerability.
Credits
The vulnerability was discovered by Carlos Bello from Fluid Attacks' Offensive Team.
References
Vendor page https://github.com/mohaiminur/laundry/
Timeline
Vulnerability discovered
Sep 20, 2023
Vendor contacted
Sep 26, 2023
Public disclosure
Jul 2, 2025
Start your 21-day free trial
Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.
Try for free
Contact sales
Start your 21-day free trial
Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.
Try for free
Contact sales
Start your 21-day free trial
Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.
Try for free
Contact sales
Plans
Advisories
EN
Contact sales
Log in
Try for free
EN
Contact sales
Try for free
Plans
Advisories
EN
Contact sales
Log in
Try for free
EN
Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.
Products
Platform
SAST
DAST
SCA
CSPM
PTaaS
Secure code review
Reverse engineering
Solutions
Continuous Hacking
AppSec
Cloud security
ASPM
RBVM
SSCS
Compliance
DevSecOps
Targets
Web applications
Mobile applications
APIs and microservices
Containers
Infrastructure as code
Cloud infrastructure
Resources
Advisories
Blog
Success stories
Downloadables
Cybersecurity essentials
Events
Documentation
Courses on our platform
Company
About us
Clients
Certifications
Partners
Careers
Trust center
SOC 2 Type II
SOC 3
Subscribe to our newsletter
Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.
Subscribe
© 2025 Fluid Attacks. We hack your software.
Terms of use
Privacy policy
System status
Cookie policy
Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.
Products
Platform
SAST
DAST
SCA
CSPM
PTaaS
Secure code review
Reverse engineering
Solutions
Continuous Hacking
AppSec
Cloud security
ASPM
RBVM
SSCS
Compliance
DevSecOps
Targets
Web applications
Mobile applications
APIs and microservices
Containers
Infrastructure as code
Cloud infrastructure
Resources
Advisories
Blog
Success stories
Downloadables
Cybersecurity essentials
Events
Documentation
Courses on our platform
Company
About us
Clients
Certifications
Partners
Careers
Trust center
SOC 2 Type II
SOC 3
Subscribe to our newsletter
Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.
Subscribe
© 2025 Fluid Attacks. We hack your software.
Terms of use
Privacy policy
System status
Cookie policy
Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.
Products
Platform
SAST
DAST
SCA
CSPM
PTaaS
Secure code review
Reverse engineering
Solutions
Continuous Hacking
AppSec
Cloud security
ASPM
RBVM
SSCS
Compliance
DevSecOps
Targets
Web applications
Mobile applications
APIs and microservices
Containers
Infrastructure as code
Cloud infrastructure
Resources
Advisories
Blog
Success stories
Downloadables
Cybersecurity essentials
Events
Documentation
Courses on our platform
Company
About us
Clients
Certifications
Partners
Careers
Trust center
SOC 2 Type II
SOC 3
Subscribe to our newsletter
Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.
Subscribe
© 2025 Fluid Attacks. We hack your software.
Terms of use
Privacy policy
System status
Cookie policy