Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
CVSS: 9 | AI Score: 8.8 | EPSS: 0.001
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
CVSS: 9 | AI Score: 8.8 | EPSS: 0.001
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
CVSS: 9 | AI Score: 8.8 | EPSS: 0.001
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. The impact is account takeover and privilege escalation.
CVSS: 8.4 | AI Score: 8.2 | EPSS: 0.001
Allowing long passwords leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused through a DDoS attack, after which genuine users will not be able to access resources/applications.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused through a DDoS attack, after which genuine users will not be able to access resources/applications.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.
CVSS: 9.8 | AI Score: 7.9 | EPSS: 0.001
CVSS: 6.1 | AI Score: 5.8 | EPSS: 0.0005
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php.
CVSS: 9.8 | AI Score: 7.9 | EPSS: 0.001