無料スキャン
CRITICALCVE-2022-1346CVSS 9

Multiple Stored XSS in causefx/organizr

翻訳中…

プラットフォーム

other

コンポーネント

organizr

修正版

2.1.1810

AI Confidence: highNVDEPSS 0.4%レビュー済み: 2026年5月
NVDで見る
保存
あなたの言語に翻訳中…

CVE-2022-1346 describes multiple stored Cross-Site Scripting (XSS) vulnerabilities within the causefx/organizr GitHub repository. These vulnerabilities allow attackers to inject malicious scripts into the application, potentially compromising user accounts and sensitive data. The vulnerability affects versions of Organizr up to and including 2.1.1810. A fix has been released in version 2.1.1810.

影響と攻撃シナリオ翻訳中…

The XSS vulnerabilities in Organizr allow an attacker to inject arbitrary JavaScript code into the application's interface. This code executes within the context of the user's browser, granting the attacker the ability to steal session cookies, redirect users to malicious websites, or deface the application. Successful exploitation could lead to complete account takeover, unauthorized access to sensitive information, and further compromise of the user's system. The impact is particularly severe given the potential for widespread user compromise if Organizr is deployed within an organization.

悪用の状況翻訳中…

CVE-2022-1346 was publicly disclosed on April 13, 2022. While no active exploitation campaigns have been definitively linked to this vulnerability, the CRITICAL severity and ease of exploitation make it a high-priority target. No public proof-of-concept exploits were immediately available, but the nature of XSS vulnerabilities means that such exploits are likely to emerge. This CVE is not currently listed on CISA KEV.

リスク対象者翻訳中…

Organizations and individuals using Organizr for task management and organization are at risk. This includes teams relying on the application for project tracking, personal users utilizing it for to-do lists, and potentially shared hosting environments where multiple users share the same instance of Organizr.

検出手順翻訳中…

• generic web: Check for suspicious JavaScript code in the application's source code or rendered HTML. Use browser developer tools to inspect network requests and responses for unexpected scripts. • generic web: Examine access and error logs for patterns indicative of XSS attempts, such as unusual characters or script tags in user input. • generic web: Use curl/wget to test various input fields with basic XSS payloads (e.g., <script>alert(1)</script>) and observe the response for script execution.

攻撃タイムライン

  1. Disclosure

    disclosure

脅威インテリジェンス

エクスプロイト状況

概念実証不明
CISA KEVNO
インターネット露出

EPSS

0.37% (59% パーセンタイル)

CVSS ベクトル

脅威インテリジェンス· CVSS 3.1CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H9.0CRITICALAttack VectorNetwork攻撃者がターゲットに到達する方法Attack ComplexityLow悪用に必要な条件Privileges RequiredLow攻撃に必要な認証レベルUser InteractionRequired被害者の操作が必要かどうかScopeChanged影響コンポーネント外への波及ConfidentialityHigh機密データ漏洩のリスクIntegrityHigh不正データ改ざんのリスクAvailabilityHighサービス障害のリスクnextguardhq.com · CVSS v3.1 基本スコア
これらのメトリクスの意味は?
Attack Vector
ネットワーク — インターネット経由でリモートから悪用可能。物理・ローカルアクセス不要。
Attack Complexity
低 — 特別な条件不要。安定して悪用可能。
Privileges Required
低 — 有効なユーザーアカウントがあれば十分。
User Interaction
必要 — 被害者がファイルを開く、リンクをクリックするなどのアクションが必要。
Scope
変化あり — 攻撃が脆弱なコンポーネントを超えて他のシステムに波及可能。
Confidentiality
高 — 機密性の完全喪失。全データが読み取り可能。
Integrity
高 — 任意のデータの書き込み・変更・削除が可能。
Availability
高 — 完全なクラッシュまたはリソース枯渇。完全なサービス拒否。

影響を受けるソフトウェア

コンポーネントorganizr
ベンダーcausefx
影響範囲修正版
unspecified – 2.1.18102.1.1810

弱点分類 (CWE)

CWE-79

タイムライン

  1. 予約済み
  2. 公開日
  3. 更新日
  4. EPSS 更新日

緩和策と回避策翻訳中…

The primary mitigation for CVE-2022-1346 is to immediately upgrade Organizr to version 2.1.1810 or later. If upgrading is not immediately feasible, consider implementing strict input validation and output encoding on all user-supplied data within the application. While not a complete solution, this can help reduce the attack surface. Web application firewalls (WAFs) configured with rules to detect and block XSS payloads can also provide an additional layer of defense. After upgrading, verify the fix by attempting to inject a simple XSS payload (e.g., <script>alert(1)</script>) into various input fields and confirming that the script is not executed.

修正方法翻訳中…

Actualice Organizr a la versión 2.1.1810 o posterior. Esta versión contiene una corrección para la vulnerabilidad XSS almacenada. La actualización se puede realizar a través de la interfaz de administración de Organizr o descargando la última versión del repositorio de GitHub y siguiendo las instrucciones de instalación.

CVEセキュリティニュースレター

脆弱性分析と重要アラートをメールでお届けします。

よくある質問翻訳中…

What is CVE-2022-1346 — XSS in Organizr ≤2.1.1810?

CVE-2022-1346 is a critical stored XSS vulnerability in Organizr versions 2.1.1810 and earlier, allowing attackers to execute malicious scripts in user browsers.

Am I affected by CVE-2022-1346 in Organizr ≤2.1.1810?

Yes, if you are using Organizr version 2.1.1810 or earlier, you are vulnerable to this XSS attack.

How do I fix CVE-2022-1346 in Organizr ≤2.1.1810?

Upgrade Organizr to version 2.1.1810 or later to resolve the vulnerability. Implement input validation and output encoding as a temporary mitigation.

Is CVE-2022-1346 being actively exploited?

While no confirmed active exploitation campaigns are known, the CRITICAL severity makes it a likely target for attackers.

Where can I find the official Organizr advisory for CVE-2022-1346?

Refer to the causefx/organizr GitHub repository for updates and advisories related to CVE-2022-1346: https://github.com/causefx/organizr

あなたのプロジェクトは影響を受けていますか?

依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。

無料スキャンCVEを検索