The Organizr application accepts a malicious JavaScript payload in the “Tab Image” and “Group Image” fields, which leads to stored XSS.
1. Log in to the co-admin account and go to “Settings” -> “Tab Editor”.
2. Now click on “Tabs” -> “Add New Tab” and fill in all the details.
3. Then in “Tab Image” insert the payload "><img src> and click on “Add Tab”.
1. Log in to the co-admin account and go to “Settings” -> “User Management” -> “Manage Groups”.
2. Now click on “Add New Group” and fill in all the details.
3. Then in “Group Image” insert the payload "><img src> and click on “Add Group”.
https://drive.google.com/file/d/1P6-Zq5D55EegVjfeLNtwG-7bU0_6mexn/view?usp=sharing
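Why the image fields in the steps above are injectable, and the two checks that close the gap, shown as an added example that is not Organizr's own code. The function names, the markup, the fallback image and the accepted-value policy are assumptions made for illustration.

```javascript
// Added example: hypothetical names and markup, not taken from Organizr.
const PAYLOAD = '"><img src>'; // the value entered in the image field above

// Vulnerable pattern: the stored field is concatenated into an attribute,
// so a double quote ends src="" and the rest is parsed as new markup.
function renderImageUnsafe(image) {
  return '<img class="tab-image" src="' + image + '">';
}

// Output encoding: neutralise every character that can close an
// attribute value or open a tag.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Save-time validation (assumed policy): an http(s) URL or a relative
// path to an image file, with no characters that can carry markup.
function isAcceptableImageValue(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 2048) return false;
  if (/[\s"'<>`\\]/.test(value)) return false;
  if (/^https?:\/\//i.test(value)) {
    try { new URL(value); return true; } catch (e) { return false; }
  }
  // Relative path only: no scheme (no ':') and no protocol-relative '//'.
  return /^(?!\/\/)[A-Za-z0-9._~\/-]+\.(png|jpe?g|gif|svg|webp|ico)$/i.test(value);
}

// Hardened rendering: reject bad values, then encode what is left.
function renderImageSafe(image) {
  const src = isAcceptableImageValue(image) ? image : 'placeholder.png'; // hypothetical fallback
  return '<img class="tab-image" src="' + escapeAttr(src) + '">';
}

// Helper for the demonstration: how many <img> elements the markup opens.
function countImgTags(html) {
  return (html.match(/<img\b/g) || []).length;
}

console.log(renderImageUnsafe(PAYLOAD)); // second <img> element injected
console.log(escapeAttr(PAYLOAD));        // payload rendered inert
console.log(renderImageSafe(PAYLOAD));   // rejected, fallback image used
```

Validation at save time and encoding at render time are independent layers; the encoding step alone is what keeps an already-stored value from breaking out of the attribute.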