CVE-2022-1345

EUVD-2022-24667
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
@huntrdevCNA
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
organizrorganizr
𝑥
< 2.1.1810
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a
https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25
https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a
https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25