Search criteria
14 vulnerabilities found for causefx/organizr by causefx
CVE-2022-1909 (GCVE-0-2022-1909)
Vulnerability from nvd – Published: 2022-05-27 08:35 – Updated: 2024-08-03 00:17
VLAI
Title
Cross-site Scripting (XSS) - Stored in causefx/organizr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/d5245c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2200
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2200",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T08:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1909",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2200"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"name": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
]
},
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1909",
"datePublished": "2022-05-27T08:35:11.000Z",
"dateReserved": "2022-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:17:00.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1699 (GCVE-0-2022-1699)
Vulnerability from nvd – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Uncontrolled Resource Consumption in causefx/organizr
Summary
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3024b2bb-50ca-46a2-85d… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Resource Consumption in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1699",
"STATE": "PUBLIC",
"TITLE": "Uncontrolled Resource Consumption in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
]
},
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1699",
"datePublished": "2022-05-12T15:20:10.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1698 (GCVE-0-2022-1698)
Vulnerability from nvd – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Allowing long password leads to denial of service in causefx/organizr
Summary
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
| https://huntr.dev/bounties/f4ab747b-e89a-4514-943… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
},
"title": "Allowing long password leads to denial of service in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1698",
"STATE": "PUBLIC",
"TITLE": "Allowing long password leads to denial of service in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"name": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
]
},
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1698",
"datePublished": "2022-05-12T15:20:15.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1347 (GCVE-0-2022-1347)
Vulnerability from nvd – Published: 2022-04-13 18:20 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Summary
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation
Severity
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/6059501f-05d2-4e76-ae0… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:20:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1347",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
]
},
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1347",
"datePublished": "2022-04-13T18:20:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1345 (GCVE-0-2022-1345)
Vulnerability from nvd – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS viva .svg file upload in causefx/organizr
Summary
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/781b5c2a-bc98-41a0-a27… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .svg file upload in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1345",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .svg file upload in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
]
},
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1345",
"datePublished": "2022-04-13T18:10:18.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1346 (GCVE-0-2022-1346)
Vulnerability from nvd – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Multiple Stored XSS in causefx/organizr
Summary
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/8fe435b0-192f-41ca-b41… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
},
"title": "Multiple Stored XSS in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1346",
"STATE": "PUBLIC",
"TITLE": "Multiple Stored XSS in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
]
},
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1346",
"datePublished": "2022-04-13T18:10:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1344 (GCVE-0-2022-1344)
Vulnerability from nvd – Published: 2022-04-13 18:05 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS due to no sanitization in the filename in causefx/organizr
Summary
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/35f66966-af13-4f07-973… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:05:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to no sanitization in the filename in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1344",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to no sanitization in the filename in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
]
},
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1344",
"datePublished": "2022-04-13T18:05:11.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1909 (GCVE-0-2022-1909)
Vulnerability from cvelistv5 – Published: 2022-05-27 08:35 – Updated: 2024-08-03 00:17
VLAI
Title
Cross-site Scripting (XSS) - Stored in causefx/organizr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/d5245c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2200
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2200",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T08:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1909",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2200"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"name": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
]
},
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1909",
"datePublished": "2022-05-27T08:35:11.000Z",
"dateReserved": "2022-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:17:00.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1698 (GCVE-0-2022-1698)
Vulnerability from cvelistv5 – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Allowing long password leads to denial of service in causefx/organizr
Summary
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
| https://huntr.dev/bounties/f4ab747b-e89a-4514-943… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
},
"title": "Allowing long password leads to denial of service in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1698",
"STATE": "PUBLIC",
"TITLE": "Allowing long password leads to denial of service in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"name": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
]
},
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1698",
"datePublished": "2022-05-12T15:20:15.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1699 (GCVE-0-2022-1699)
Vulnerability from cvelistv5 – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Uncontrolled Resource Consumption in causefx/organizr
Summary
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3024b2bb-50ca-46a2-85d… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Resource Consumption in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1699",
"STATE": "PUBLIC",
"TITLE": "Uncontrolled Resource Consumption in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
]
},
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1699",
"datePublished": "2022-05-12T15:20:10.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1347 (GCVE-0-2022-1347)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:20 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Summary
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation
Severity
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/6059501f-05d2-4e76-ae0… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:20:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1347",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
]
},
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1347",
"datePublished": "2022-04-13T18:20:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1345 (GCVE-0-2022-1345)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS viva .svg file upload in causefx/organizr
Summary
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/781b5c2a-bc98-41a0-a27… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .svg file upload in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1345",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .svg file upload in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
]
},
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1345",
"datePublished": "2022-04-13T18:10:18.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1346 (GCVE-0-2022-1346)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Multiple Stored XSS in causefx/organizr
Summary
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/8fe435b0-192f-41ca-b41… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
},
"title": "Multiple Stored XSS in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1346",
"STATE": "PUBLIC",
"TITLE": "Multiple Stored XSS in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
]
},
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1346",
"datePublished": "2022-04-13T18:10:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1344 (GCVE-0-2022-1344)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:05 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS due to no sanitization in the filename in causefx/organizr
Summary
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/35f66966-af13-4f07-973… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:05:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to no sanitization in the filename in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1344",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to no sanitization in the filename in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
]
},
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1344",
"datePublished": "2022-04-13T18:05:11.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}