Organizr
Monthly
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.