Lucene search

[email protected]NVD:CVE-2022-1344

HistoryApr 13, 2022 - 6:15 p.m.

CVE-2022-1344

2022-04-1318:15:09

CWE-79

[email protected]

web.nvd.nist.gov

github

xss

sensitive data exposure

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

40.5%

JSON

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse.

Affected configurations

Nvd

Node

organizrorganizrRange<2.1.1810

VendorProductVersionCPE
organizrorganizr*cpe:2.3:a:organizr:organizr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
organizr	organizr	*	cpe:2.3:a:organizr:organizr::::::::

References

github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a

huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

40.5%

JSON

Related for NVD:CVE-2022-1344

cvelist1 cve1 prion1 huntr1 osv1