huntr report 8F83EB8F-51A8-41C0-BC7D-077F48FAEBDC, reported by sampritdas8
History: May 24, 2022 - 3:42 p.m.

Stored XSS in "Tab Image" and "Group Image"

2022-05-24 15:42:03
sampritdas8
www.huntr.dev
15

EPSS: 0.001 (Low), percentile 21.6%

Description

The Organizr application does not sanitize the "Tab Image" and "Group Image" fields. A malicious JavaScript payload saved in either field is stored by the application and executed whenever the stored value is rendered, which leads to stored XSS.

Proof of Concept 1

1. Log in to a co-admin account and go to "Settings" -> "Tab Editor".

2. Click "Tabs" -> "Add New Tab" and fill in all the details.

3. In "Tab Image", insert the payload "><img src> and click "Add Tab".

Proof of Concept 2

1. Log in to a co-admin account and go to "Settings" -> "User Management" -> "Manage Groups".

2. Click "Add New Group" and fill in all the details.

3. In "Group Image", insert the payload "><img src> and click "Add Group".
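Both proofs of concept rely on the same mechanism: the image value is written into the src attribute of an img tag without encoding, so the leading double quote closes the attribute and the > closes the tag, turning the rest of the value into new markup. The following is an added example, not Organizr's code: a hypothetical rendering helper that reproduces the flaw with the report's payload, the same helper with attribute encoding applied, and an allow-list check that rejects values which are not plausible image URLs before they are stored. The helper names, the "tab-image" class and the base URL used to resolve relative paths are assumptions for the example.

```javascript
// Added example (not Organizr's code): how an unescaped "Tab Image" / "Group Image"
// value breaks out of an <img src="..."> attribute, and two ways to stop it.

// Payload taken from the report. The leading quote closes the src attribute and
// the > closes the tag, so the rest of the value becomes new markup.
const REPORT_PAYLOAD = '"><img src>';

// Vulnerable rendering (hypothetical helper modelled on the report): the stored
// value is concatenated straight into the markup.
function renderTabImageVulnerable(imageUrl) {
  return '<img class="tab-image" src="' + imageUrl + '">';
}

// Encode the characters that matter inside a double-quoted HTML attribute.
// Ampersand first, so the entities produced below are not re-encoded.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hardened rendering: identical markup, but the value can no longer leave the
// attribute because every quote and angle bracket is an entity.
function renderTabImageSafe(imageUrl) {
  return '<img class="tab-image" src="' + escapeHtmlAttr(imageUrl) + '">';
}

// Count the <img elements in a rendered fragment. One is expected; a second one
// means the stored value escaped the attribute.
function countImgTags(html) {
  return (html.match(/<img\b/g) || []).length;
}

// Defence in depth at storage time: accept only http(s) URLs or relative paths,
// and reject characters that have no place in an image URL. Output encoding is
// still required; this only shrinks what an admin can store.
function isAcceptableImageUrl(value) {
  if (typeof value !== 'string' || value.length === 0) return false;
  if (/[<>"'\s]/.test(value)) return false;
  try {
    // Assumed base, only used to resolve relative paths such as plugins/images/x.png.
    const parsed = new URL(value, 'http://organizr.local/');
    return parsed.protocol === 'http:' || parsed.protocol === 'https:';
  } catch (e) {
    return false;
  }
}

// Usage with the report's payload.
console.log(renderTabImageVulnerable(REPORT_PAYLOAD)); // two <img tags
console.log(renderTabImageSafe(REPORT_PAYLOAD));       // one <img tag
console.log(isAcceptableImageUrl(REPORT_PAYLOAD));     // false
```

The vulnerable render of the report's payload produces two img elements, the second of which is attacker-controlled; the encoded render produces exactly one with the payload inert inside the attribute. Note that the allow-list check rejects javascript: and data: values as well as the quote-and-bracket payload, but it is not a substitute for encoding at the point of output.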

Video PoC

https://drive.google.com/file/d/1P6-Zq5D55EegVjfeLNtwG-7bU0_6mexn/view?usp=sharing

