CVE-2022-1347 Information

Description

Stored XSS in the �sername\ & \Email\ input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Reference

https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.4