Note:
This project will be discontinued after December 13, 2021.
Product: Organizr (Organizr)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 10 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-04-13 | CVE-2022-1344 | Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | Organizr | 9.0 | ||
2022-04-13 | CVE-2022-1346 | Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | Organizr | 9.0 | ||
2022-04-13 | CVE-2022-1345 | Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | Organizr | 9.0 | ||
2022-04-13 | CVE-2022-1347 | Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation | Organizr | 8.4 | ||
2022-05-12 | CVE-2022-1698 | Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. | Organizr | 7.5 | ||
2022-05-12 | CVE-2022-1699 | Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. | Organizr | 7.5 | ||
2022-05-27 | CVE-2022-1909 | Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. | Organizr | 5.4 | ||
2024-08-29 | CVE-2024-41370 | Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | Organizr | 9.8 | ||
2024-08-29 | CVE-2024-41371 | Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | Organizr | 6.1 | ||
2024-08-29 | CVE-2024-41372 | Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. | Organizr | 9.8 | ||