CVE-2022-1344

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
@huntrdevCNA
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
organizrorganizr
𝑥
< 2.1.1810
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a
https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c
https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a
https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c