Search criteria
20 vulnerabilities found for organizr by organizr
CVE-2024-41372 (GCVE-0-2024-41372)
Vulnerability from nvd – Published: 2024-08-29 00:00 – Updated: 2024-08-30 13:40 Unsupported When Assigned
VLAI
Summary
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:causefx:organizr:1.90:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "organizr",
"vendor": "causefx",
"versions": [
{
"status": "affected",
"version": "1.90"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T13:38:28.587981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T13:40:08.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:06:49.599Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/causefx/Organizr"
},
{
"url": "https://github.com/causefx/Organizr/issues/1999"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41372",
"datePublished": "2024-08-29T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-30T13:40:08.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41371 (GCVE-0-2024-41371)
Vulnerability from nvd – Published: 2024-08-29 00:00 – Updated: 2024-08-30 14:34 Unsupported When Assigned
VLAI
Summary
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php.
Severity
6.1 (Medium)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:organizr:organizr:1.90:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "organizr",
"vendor": "organizr",
"versions": [
{
"status": "affected",
"version": "1.90"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41371",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T14:32:49.078934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T14:34:49.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:57:47.293Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/causefx/Organizr"
},
{
"url": "https://github.com/causefx/Organizr/issues/1997"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41371",
"datePublished": "2024-08-29T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-30T14:34:49.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41370 (GCVE-0-2024-41370)
Vulnerability from nvd – Published: 2024-08-29 00:00 – Updated: 2024-08-30 13:41 Unsupported When Assigned
VLAI
Summary
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:causefx:organizr:1.90:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "organizr",
"vendor": "causefx",
"versions": [
{
"status": "affected",
"version": "1.90"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T13:40:21.436385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T13:41:11.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:03:14.197Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/causefx/Organizr"
},
{
"url": "https://github.com/causefx/Organizr/issues/1998"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41370",
"datePublished": "2024-08-29T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-30T13:41:11.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1909 (GCVE-0-2022-1909)
Vulnerability from nvd – Published: 2022-05-27 08:35 – Updated: 2024-08-03 00:17
VLAI
Title
Cross-site Scripting (XSS) - Stored in causefx/organizr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/d5245c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2200
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2200",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T08:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1909",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2200"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"name": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
]
},
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1909",
"datePublished": "2022-05-27T08:35:11.000Z",
"dateReserved": "2022-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:17:00.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1699 (GCVE-0-2022-1699)
Vulnerability from nvd – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Uncontrolled Resource Consumption in causefx/organizr
Summary
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3024b2bb-50ca-46a2-85d… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Resource Consumption in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1699",
"STATE": "PUBLIC",
"TITLE": "Uncontrolled Resource Consumption in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
]
},
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1699",
"datePublished": "2022-05-12T15:20:10.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1698 (GCVE-0-2022-1698)
Vulnerability from nvd – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Allowing long password leads to denial of service in causefx/organizr
Summary
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
| https://huntr.dev/bounties/f4ab747b-e89a-4514-943… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
},
"title": "Allowing long password leads to denial of service in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1698",
"STATE": "PUBLIC",
"TITLE": "Allowing long password leads to denial of service in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"name": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
]
},
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1698",
"datePublished": "2022-05-12T15:20:15.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1347 (GCVE-0-2022-1347)
Vulnerability from nvd – Published: 2022-04-13 18:20 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Summary
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation
Severity
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/6059501f-05d2-4e76-ae0… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:20:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1347",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
]
},
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1347",
"datePublished": "2022-04-13T18:20:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1345 (GCVE-0-2022-1345)
Vulnerability from nvd – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS viva .svg file upload in causefx/organizr
Summary
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/781b5c2a-bc98-41a0-a27… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .svg file upload in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1345",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .svg file upload in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
]
},
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1345",
"datePublished": "2022-04-13T18:10:18.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1346 (GCVE-0-2022-1346)
Vulnerability from nvd – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Multiple Stored XSS in causefx/organizr
Summary
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/8fe435b0-192f-41ca-b41… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
},
"title": "Multiple Stored XSS in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1346",
"STATE": "PUBLIC",
"TITLE": "Multiple Stored XSS in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
]
},
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1346",
"datePublished": "2022-04-13T18:10:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1344 (GCVE-0-2022-1344)
Vulnerability from nvd – Published: 2022-04-13 18:05 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS due to no sanitization in the filename in causefx/organizr
Summary
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/35f66966-af13-4f07-973… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:05:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to no sanitization in the filename in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1344",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to no sanitization in the filename in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
]
},
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1344",
"datePublished": "2022-04-13T18:05:11.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41372 (GCVE-0-2024-41372)
Vulnerability from cvelistv5 – Published: 2024-08-29 00:00 – Updated: 2024-08-30 13:40 Unsupported When Assigned
VLAI
Summary
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:causefx:organizr:1.90:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "organizr",
"vendor": "causefx",
"versions": [
{
"status": "affected",
"version": "1.90"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T13:38:28.587981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T13:40:08.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:06:49.599Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/causefx/Organizr"
},
{
"url": "https://github.com/causefx/Organizr/issues/1999"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41372",
"datePublished": "2024-08-29T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-30T13:40:08.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41370 (GCVE-0-2024-41370)
Vulnerability from cvelistv5 – Published: 2024-08-29 00:00 – Updated: 2024-08-30 13:41 Unsupported When Assigned
VLAI
Summary
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:causefx:organizr:1.90:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "organizr",
"vendor": "causefx",
"versions": [
{
"status": "affected",
"version": "1.90"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T13:40:21.436385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T13:41:11.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:03:14.197Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/causefx/Organizr"
},
{
"url": "https://github.com/causefx/Organizr/issues/1998"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41370",
"datePublished": "2024-08-29T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-30T13:41:11.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41371 (GCVE-0-2024-41371)
Vulnerability from cvelistv5 – Published: 2024-08-29 00:00 – Updated: 2024-08-30 14:34 Unsupported When Assigned
VLAI
Summary
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php.
Severity
6.1 (Medium)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:organizr:organizr:1.90:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "organizr",
"vendor": "organizr",
"versions": [
{
"status": "affected",
"version": "1.90"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41371",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T14:32:49.078934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T14:34:49.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:57:47.293Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/causefx/Organizr"
},
{
"url": "https://github.com/causefx/Organizr/issues/1997"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41371",
"datePublished": "2024-08-29T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-30T14:34:49.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1909 (GCVE-0-2022-1909)
Vulnerability from cvelistv5 – Published: 2022-05-27 08:35 – Updated: 2024-08-03 00:17
VLAI
Title
Cross-site Scripting (XSS) - Stored in causefx/organizr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/d5245c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2200
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2200",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T08:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1909",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2200"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"name": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
]
},
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1909",
"datePublished": "2022-05-27T08:35:11.000Z",
"dateReserved": "2022-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:17:00.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1698 (GCVE-0-2022-1698)
Vulnerability from cvelistv5 – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Allowing long password leads to denial of service in causefx/organizr
Summary
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
| https://huntr.dev/bounties/f4ab747b-e89a-4514-943… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
},
"title": "Allowing long password leads to denial of service in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1698",
"STATE": "PUBLIC",
"TITLE": "Allowing long password leads to denial of service in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"name": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
]
},
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1698",
"datePublished": "2022-05-12T15:20:15.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1699 (GCVE-0-2022-1699)
Vulnerability from cvelistv5 – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Uncontrolled Resource Consumption in causefx/organizr
Summary
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3024b2bb-50ca-46a2-85d… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Resource Consumption in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1699",
"STATE": "PUBLIC",
"TITLE": "Uncontrolled Resource Consumption in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
]
},
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1699",
"datePublished": "2022-05-12T15:20:10.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1347 (GCVE-0-2022-1347)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:20 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Summary
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation
Severity
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/6059501f-05d2-4e76-ae0… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:20:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1347",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
]
},
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1347",
"datePublished": "2022-04-13T18:20:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1345 (GCVE-0-2022-1345)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS viva .svg file upload in causefx/organizr
Summary
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/781b5c2a-bc98-41a0-a27… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .svg file upload in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1345",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .svg file upload in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
]
},
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1345",
"datePublished": "2022-04-13T18:10:18.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1346 (GCVE-0-2022-1346)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Multiple Stored XSS in causefx/organizr
Summary
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/8fe435b0-192f-41ca-b41… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
},
"title": "Multiple Stored XSS in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1346",
"STATE": "PUBLIC",
"TITLE": "Multiple Stored XSS in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
]
},
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1346",
"datePublished": "2022-04-13T18:10:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1344 (GCVE-0-2022-1344)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:05 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS due to no sanitization in the filename in causefx/organizr
Summary
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/35f66966-af13-4f07-973… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:05:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to no sanitization in the filename in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1344",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to no sanitization in the filename in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
]
},
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1344",
"datePublished": "2022-04-13T18:05:11.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}