Organizr
CVE-2022-1347
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation
AnalysisAI
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation Affected products include: Organizr. Version information: prior to 2.1.1810..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. Rated critical severity (
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. Rated critical severity (CV
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vu
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. Rated critica
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. Rated high severity (CVSS 7.5
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. Rated high se
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. Rated medium severity (CVSS 6.1), this vulnerabi
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. Rated medium severity (CVSS
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today