CRITICAL · CVE-2022-1347 · CVSS 9.6

Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr


Platform

php

Component

organizr

Fixed in

2.1.1810

AI Confidence: high · NVD · EPSS 0.5% · Reviewed: May 2026

CVE-2022-1347 describes a stored Cross-Site Scripting (XSS) vulnerability discovered in Organizr, a self-hosted organizational chart tool. This vulnerability allows attackers to inject malicious scripts into the "Username" and "Email" input fields, potentially leading to account takeover of administrator and co-administrator users. The vulnerability affects versions of Organizr prior to 2.1.1810, and a patch has been released to address the issue.

Impact and Attack Scenarios

The impact of CVE-2022-1347 is severe due to the potential for complete account takeover. An attacker exploiting this vulnerability can inject arbitrary JavaScript code into the application, which will then be executed in the context of a user's browser when they view the affected page. Specifically, the vulnerability targets administrator and co-administrator accounts, granting an attacker full control over the Organizr instance. This could allow them to modify organizational charts, access sensitive data, and potentially compromise other systems connected to the Organizr server. The ease of exploitation, combined with the high privileges at risk, makes this a significant threat.

Exploitation Context

CVE-2022-1347 was publicly disclosed on April 13, 2022. While no active exploitation campaigns have been definitively linked to this vulnerability, the ease of exploitation and the potential for significant impact make it a likely target. There are publicly available proof-of-concept (POC) exploits demonstrating the vulnerability. It is recommended to prioritize remediation to prevent potential compromise.

Who Is at Risk

Organizations using self-hosted instances of Organizr, particularly those with administrator or co-administrator accounts that are not adequately protected by multi-factor authentication, are at significant risk. Shared hosting environments where multiple users share the same server and database are also particularly vulnerable, as a compromise of one user could potentially lead to the compromise of others.

Detection Steps

• php / web:

curl -I 'http://your-organizr-instance/admin/users/create?username=<script>alert(1)</script>' | grep -i 'content-type'

• generic web:

curl -I 'http://your-organizr-instance/admin/users/create?username=<script>alert(1)</script>' | grep -i 'set-cookie'

• generic web:

grep -r '<script>' /var/www/html/organizr/*

Attack Timeline

  1. Disclosure

  2. Patch

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.46% (percentile 64%)

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H · 9.6 CRITICAL

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (level of authentication required)
User Interaction: Required (whether a victim action is required)
Scope: Changed (impact beyond the affected component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service interruption)
nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
None: unauthenticated. No credentials are required to exploit.
User Interaction
Required: the victim must open a file, click a link or visit a page.
Scope
Changed: the attack can pivot beyond the vulnerable component.
Confidentiality
High: total loss of confidentiality. The attacker can read all data.
Integrity
High: the attacker can write, modify or delete all data.
Availability
High: complete outage or resource exhaustion. Total denial of service.

Affected Software

Component: organizr
Vendor: causefx
Affected range: unspecified – 2.1.1810
Fixed in: 2.1.1810

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2022-1347 is to upgrade Organizr to version 2.1.1810 or later, which contains the fix for this vulnerability. If upgrading immediately is not possible, consider implementing input validation and sanitization on the "Username" and "Email" fields to prevent the injection of malicious scripts. While not a complete solution, a Web Application Firewall (WAF) configured to block XSS payloads targeting these fields can provide an additional layer of defense. After upgrading, verify the fix by attempting to inject a simple XSS payload (e.g., <script>alert(1)</script>) into the "Username" or "Email" fields and confirming that the script is not executed.
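The following is an added example, not code from Organizr or from this advisory. It covers the two defensive tasks the page describes: the detection step (looking for injected markup in stored user records) and the interim mitigation (validating the "Username" and "Email" fields on input and escaping them on output, then confirming the advisory's test payload is neutralized). The record shape (`id`, `username`, `email`), the allowlist patterns and the sample records are assumptions chosen for illustration; Organizr's real schema may differ.

```php
<?php
// Added example (not Organizr's own code). Audits stored user records for
// injected markup and enforces validation/escaping on the Username and
// Email fields. Field names, patterns and sample data are constructed.

declare(strict_types=1);

// Heuristic for HTML/JS markup in a value that should be plain text:
// any tag, a javascript: URL, or an on*= event-handler attribute.
const MARKUP_PATTERN = '/<[^>]*>|javascript:|\bon\w+\s*=/i';

// Allowlist for usernames: letters, digits, dot, underscore, hyphen, 3-32 chars.
const USERNAME_PATTERN = '/^[A-Za-z0-9._-]{3,32}$/';

/** True when a stored value contains markup that should never be there. */
function looksLikeMarkup(string $value): bool
{
    return preg_match(MARKUP_PATTERN, $value) === 1;
}

/**
 * Detection: scan user records (e.g. exported from the users table) and
 * return the fields that carry suspicious content for manual review.
 */
function auditUsers(array $users): array
{
    $findings = [];
    foreach ($users as $user) {
        foreach (['username', 'email'] as $field) {
            if (isset($user[$field]) && looksLikeMarkup((string) $user[$field])) {
                $findings[] = ['id' => $user['id'], 'field' => $field, 'value' => $user[$field]];
            }
        }
    }
    return $findings;
}

/** Mitigation (input): accept only a plain username matching the allowlist. */
function validateUsername(string $username): bool
{
    return preg_match(USERNAME_PATTERN, $username) === 1;
}

/** Mitigation (input): accept only a well-formed address of sane length. */
function validateEmail(string $email): bool
{
    // FILTER_VALIDATE_EMAIL does not accept angle brackets or whitespace in
    // the local part, so tag-based payloads fail here before being stored.
    return strlen($email) <= 254 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

/** Mitigation (output): escape before placing a value in HTML, so any stored payload renders as text. */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample records: one clean, one carrying the advisory's test payload.
$sampleUsers = [
    ['id' => 1, 'username' => 'alice', 'email' => 'alice@example.com'],
    ['id' => 2, 'username' => '<script>alert(1)</script>', 'email' => 'bob@example.com'],
];

// Detection pass: report which stored fields need cleanup.
foreach (auditUsers($sampleUsers) as $finding) {
    printf("suspicious %s on user %d: %s\n",
        $finding['field'], $finding['id'], escapeHtml($finding['value']));
}

// Verification pass: the test payload must be rejected on input and
// rendered inert on output.
$payload = '<script>alert(1)</script>';
echo 'username accepted: ', var_export(validateUsername($payload), true), "\n";
echo 'email accepted:    ', var_export(validateEmail($payload . '@example.com'), true), "\n";
echo 'escaped output:    ', escapeHtml($payload), "\n";
```

Run it with `php audit.php`. Two points in the design matter more than the specific patterns: validation is an allowlist (what a username may look like), not a blocklist of known payloads, and escaping happens at output time regardless of validation, so records that were stored before the patch cannot execute when an admin views them. The audit pattern is a triage heuristic and will produce some false positives; its findings are meant for manual review, not automatic deletion.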

How to Fix

Upgrade Organizr to version 2.1.1810 or later. This version fixes the stored XSS vulnerability in the 'Username' and 'Email' fields, preventing the possible takeover of administrator and co-administrator accounts.


Frequently Asked Questions

What is CVE-2022-1347 — XSS in Organizr?

CVE-2022-1347 is a critical stored XSS vulnerability in Organizr versions prior to 2.1.1810, allowing attackers to inject malicious scripts via the 'Username' and 'Email' fields.

Am I affected by CVE-2022-1347 in Organizr?

You are affected if you are running Organizr version 2.1.1810 or earlier. Check your version and upgrade immediately if vulnerable.

How do I fix CVE-2022-1347 in Organizr?

Upgrade Organizr to version 2.1.1810 or later to patch the vulnerability. Consider input validation as a temporary workaround.

Is CVE-2022-1347 being actively exploited?

While no confirmed active exploitation campaigns are publicly known, the vulnerability's ease of exploitation makes it a potential target. Proactive remediation is recommended.

Where can I find the official Organizr advisory for CVE-2022-1347?

Refer to the official Organizr GitHub repository for updates and security advisories: https://github.com/causefx/organizr
