CVE-2022-1345

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
@huntrdevCNA
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
organizrorganizr
𝑥
< 2.1.1810
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a
https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25
https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a
https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25