14 vulnerabilities by causefx
CVE-2022-1909 (GCVE-0-2022-1909)
Vulnerability from nvd – Published: 2022-05-27 08:35 – Updated: 2024-08-03 00:17
VLAI
Title
Cross-site Scripting (XSS) - Stored in causefx/organizr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/d5245c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2200
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2200",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T08:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1909",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2200"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"name": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
]
},
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1909",
"datePublished": "2022-05-27T08:35:11.000Z",
"dateReserved": "2022-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:17:00.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1699 (GCVE-0-2022-1699)
Vulnerability from nvd – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Uncontrolled Resource Consumption in causefx/organizr
Summary
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused to carry out a DDoS attack, leaving genuine users unable to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3024b2bb-50ca-46a2-85d… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Resource Consumption in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1699",
"STATE": "PUBLIC",
"TITLE": "Uncontrolled Resource Consumption in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
]
},
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1699",
"datePublished": "2022-05-12T15:20:10.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1698 (GCVE-0-2022-1698)
Vulnerability from nvd – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Allowing long password leads to denial of service in causefx/organizr
Summary
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused to carry out a DDoS attack, leaving genuine users unable to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
| https://huntr.dev/bounties/f4ab747b-e89a-4514-943… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.2000
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
},
"title": "Allowing long password leads to denial of service in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1698",
"STATE": "PUBLIC",
"TITLE": "Allowing long password leads to denial of service in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"name": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
]
},
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1698",
"datePublished": "2022-05-12T15:20:15.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1347 (GCVE-0-2022-1347)
Vulnerability from nvd – Published: 2022-04-13 18:20 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Summary
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. The impact is account takeover and privilege escalation.
Severity
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/6059501f-05d2-4e76-ae0… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:20:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1347",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
]
},
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1347",
"datePublished": "2022-04-13T18:20:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1345 (GCVE-0-2022-1345)
Vulnerability from nvd – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS via .svg file upload in causefx/organizr
Summary
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/781b5c2a-bc98-41a0-a27… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .svg file upload in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1345",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .svg file upload in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
]
},
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1345",
"datePublished": "2022-04-13T18:10:18.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1346 (GCVE-0-2022-1346)
Vulnerability from nvd – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
VLAI
Title
Multiple Stored XSS in causefx/organizr
Summary
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/8fe435b0-192f-41ca-b41… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr |
Affected:
unspecified , < 2.1.1810
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
},
"title": "Multiple Stored XSS in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1346",
"STATE": "PUBLIC",
"TITLE": "Multiple Stored XSS in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
]
},
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1346",
"datePublished": "2022-04-13T18:10:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1344 (GCVE-0-2022-1344)
Vulnerability from nvd – Published: 2022-04-13 18:05 – Updated: 2024-08-03 00:03
VLAI
Title
Stored XSS due to no sanitization in the filename in causefx/organizr
Summary
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/35f66966-af13-4f07-973… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr | Affected: unspecified, < 2.1.1810 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:05:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to no sanitization in the filename in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1344",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to no sanitization in the filename in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
]
},
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1344",
"datePublished": "2022-04-13T18:05:11.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1909 (GCVE-0-2022-1909)
Vulnerability from cvelistv5 – Published: 2022-05-27 08:35 – Updated: 2024-08-03 00:17
Title
Cross-site Scripting (XSS) - Stored in causefx/organizr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/d5245c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr | Affected: unspecified, < 2.1.2200 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2200",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T08:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
],
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1909",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2200"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8f83eb8f-51a8-41c0-bc7d-077f48faebdc"
},
{
"name": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/d5245cab1f4b9180856330266911d6ceda14858b"
}
]
},
"source": {
"advisory": "8f83eb8f-51a8-41c0-bc7d-077f48faebdc",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1909",
"datePublished": "2022-05-27T08:35:11.000Z",
"dateReserved": "2022-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:17:00.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1698 (GCVE-0-2022-1698)
Vulnerability from cvelistv5 – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
Title
Allowing long password leads to denial of service in causefx/organizr
Summary
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused in a DDoS attack, leaving genuine users unable to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
| https://huntr.dev/bounties/f4ab747b-e89a-4514-943… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr | Affected: unspecified, < 2.1.2000 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:15.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
],
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
},
"title": "Allowing long password leads to denial of service in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1698",
"STATE": "PUBLIC",
"TITLE": "Allowing long password leads to denial of service in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
},
{
"name": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
}
]
},
"source": {
"advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1698",
"datePublished": "2022-05-12T15:20:15.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1699 (GCVE-0-2022-1699)
Vulnerability from cvelistv5 – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
Title
Uncontrolled Resource Consumption in causefx/organizr
Summary
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused in a DDoS attack, leaving genuine users unable to access resources/applications.
Severity
9.9 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3024b2bb-50ca-46a2-85d… | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/e4b4cf… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr | Affected: unspecified, < 2.1.2000 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.2000",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T15:20:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
],
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Resource Consumption in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1699",
"STATE": "PUBLIC",
"TITLE": "Uncontrolled Resource Consumption in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.2000"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3024b2bb-50ca-46a2-85db-1cc916791cda"
},
{
"name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
}
]
},
"source": {
"advisory": "3024b2bb-50ca-46a2-85db-1cc916791cda",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1699",
"datePublished": "2022-05-12T15:20:10.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1347 (GCVE-0-2022-1347)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:20 – Updated: 2024-08-03 00:03
Title
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Summary
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. The impact is account takeover and privilege escalation.
Severity
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/6059501f-05d2-4e76-ae0… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr | Affected: unspecified, < 2.1.1810 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:20:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
],
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1347",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in the \"Username\" \u0026 \"Email\" input fields leads to account takeover of Admin \u0026 Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf"
}
]
},
"source": {
"advisory": "6059501f-05d2-4e76-ae03-5eb64835e6bf",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1347",
"datePublished": "2022-04-13T18:20:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1345 (GCVE-0-2022-1345)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
Title
Stored XSS via .svg file upload in causefx/organizr
Summary
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/781b5c2a-bc98-41a0-a27… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr | Affected: unspecified, < 2.1.1810 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
],
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
},
"title": "Stored XSS viva .svg file upload in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1345",
"STATE": "PUBLIC",
"TITLE": "Stored XSS viva .svg file upload in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25"
}
]
},
"source": {
"advisory": "781b5c2a-bc98-41a0-a276-ea12399e5a25",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1345",
"datePublished": "2022-04-13T18:10:18.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1346 (GCVE-0-2022-1346)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:10 – Updated: 2024-08-03 00:03
Title
Multiple Stored XSS in causefx/organizr
Summary
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/causefx/organizr/commit/a09d83… | x_refsource_MISC |
| https://huntr.dev/bounties/8fe435b0-192f-41ca-b41… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr | Affected: unspecified, < 2.1.1810 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:10:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
],
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
},
"title": "Multiple Stored XSS in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1346",
"STATE": "PUBLIC",
"TITLE": "Multiple Stored XSS in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
},
{
"name": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f"
}
]
},
"source": {
"advisory": "8fe435b0-192f-41ca-b41e-580fcd34892f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1346",
"datePublished": "2022-04-13T18:10:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1344 (GCVE-0-2022-1344)
Vulnerability from cvelistv5 – Published: 2022-04-13 18:05 – Updated: 2024-08-03 00:03
Title
Stored XSS due to no sanitization in the filename in causefx/organizr
Summary
Stored XSS caused by missing sanitization of the filename in the GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in a user's browser, which can lead to session hijacking, sensitive data exposure, and worse.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c | x_refsource_CONFIRM |
| https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| causefx | causefx/organizr | Affected: unspecified, < 2.1.1810 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "causefx/organizr",
"vendor": "causefx",
"versions": [
{
"lessThan": "2.1.1810",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T18:05:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
],
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
},
"title": "Stored XSS due to no sanitization in the filename in causefx/organizr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1344",
"STATE": "PUBLIC",
"TITLE": "Stored XSS due to no sanitization in the filename in causefx/organizr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "causefx/organizr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.1810"
}
]
}
}
]
},
"vendor_name": "causefx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user\u0027s browser and it can lead to session hijacking, sensitive data exposure, and worse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c"
},
{
"name": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a",
"refsource": "MISC",
"url": "https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a"
}
]
},
"source": {
"advisory": "35f66966-af13-4f07-9734-0c50fdfc3a8c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1344",
"datePublished": "2022-04-13T18:05:11.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}