CRITICAL · CVE-2022-1347 · CVSS 9.6

Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr


Platform

php

Component

organizr

Fixed in

2.1.1810

AI Confidence: high · NVD · EPSS 0.5% · Reviewed: May 2026

CVE-2022-1347 describes a stored Cross-Site Scripting (XSS) vulnerability discovered in Organizr, a self-hosted organizational chart tool. This vulnerability allows attackers to inject malicious scripts into the "Username" and "Email" input fields, potentially leading to account takeover of administrator and co-administrator users. The vulnerability affects versions of Organizr prior to 2.1.1810, and a patch has been released to address the issue.

Impact and Attack Scenarios

The impact of CVE-2022-1347 is severe due to the potential for complete account takeover. An attacker exploiting this vulnerability can inject arbitrary JavaScript code into the application, which will then be executed in the context of a user's browser when they view the affected page. Specifically, the vulnerability targets administrator and co-administrator accounts, granting an attacker full control over the Organizr instance. This could allow them to modify organizational charts, access sensitive data, and potentially compromise other systems connected to the Organizr server. The ease of exploitation, combined with the high privileges at risk, makes this a significant threat.

Exploitation Context

CVE-2022-1347 was publicly disclosed on April 13, 2022. While no active exploitation campaigns have been definitively linked to this vulnerability, the ease of exploitation and the potential for significant impact make it a likely target. There are publicly available proof-of-concept (POC) exploits demonstrating the vulnerability. It is recommended to prioritize remediation to prevent potential compromise.

Who Is at Risk

Organizations using self-hosted instances of Organizr, particularly those with administrator or co-administrator accounts that are not adequately protected by multi-factor authentication, are at significant risk. Shared hosting environments where multiple users share the same server and database are also particularly vulnerable, as a compromise of one user could potentially lead to the compromise of others.

Detection Steps

• php / web:

curl -I 'http://your-organizr-instance/admin/users/create?username=<script>alert(1)</script>' | grep -i 'content-type'

• generic web:

curl -I 'http://your-organizr-instance/admin/users/create?username=<script>alert(1)</script>' | grep -i 'set-cookie'

• generic web:

grep -r '<script>' /var/www/html/organizr/*

Attack Timeline

  1. Disclosure
  2. Patch

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet exposure: High

EPSS

0.46% (64th percentile)

CVSS vector

THREAT INTELLIGENCE · CVSS 3.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Base score: 9.6 CRITICAL

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level required for the attack)
User Interaction: Required (whether the victim must take action)
Scope: Changed (impact beyond the affected component)
Confidentiality: High (risk of exposure of sensitive data)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)
Source: nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: remotely exploitable over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
None: no authentication required to exploit.
User Interaction
Required: the victim must open a file, click a link or visit a page.
Scope
Changed: the attack can extend beyond the vulnerable component to other systems.
Confidentiality
High: complete loss of confidentiality. The attacker can read all data.
Integrity
High: the attacker can write, modify or delete all data.
Availability
High: complete crash or resource exhaustion. Total denial of service.

Affected Software

Component: organizr
Vendor: causefx
Affected range: unspecified – 2.1.1810
Fixed in: 2.1.1810

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2022-1347 is to upgrade Organizr to version 2.1.1810 or later, which contains the fix for this vulnerability. If upgrading immediately is not possible, consider implementing input validation and sanitization on the "Username" and "Email" fields to prevent the injection of malicious scripts. While not a complete solution, a Web Application Firewall (WAF) configured to block XSS payloads targeting these fields can provide an additional layer of defense. After upgrading, verify the fix by attempting to inject a simple XSS payload (e.g., <script>alert(1)</script>) into the "Username" or "Email" fields and confirming that the script is not executed.
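As an added illustration (not code from this page or from the Organizr project), the PHP sketch below shows the defect class behind this CVE, a stored username or e-mail written into HTML unencoded, next to the two measures the paragraph names: output encoding and input validation. The function names and the sample record are hypothetical assumptions, not Organizr's own code paths.

```php
<?php
// Added example, not Organizr's code. Function names are hypothetical.

// Vulnerable pattern: the stored value is interpolated into markup verbatim,
// so a saved "<script>" payload runs in the browser of whoever views the list.
function render_user_row_vulnerable(array $user): string {
    return "<tr><td>{$user['username']}</td><td>{$user['email']}</td></tr>";
}

// Hardened output: encode every untrusted value for an HTML text context.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE keeps htmlspecialchars
// from returning an empty string on invalid UTF-8 (which would hide output silently).
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_user_row(array $user): string {
    return '<tr><td>' . h($user['username']) . '</td><td>' . h($user['email']) . '</td></tr>';
}

// Input validation on save: an allow-list for usernames and a syntax check for e-mail.
// Validation narrows what gets stored; output encoding is still the actual XSS fix,
// because a later code path may render the value in a context validation never considered.
function validate_new_user(string $username, string $email): array {
    $errors = [];
    if (!preg_match('/^[A-Za-z0-9._-]{3,32}$/', $username)) {
        $errors[] = 'username: letters, digits, ".", "_" and "-" only (3-32 characters)';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return $errors;
}

// Constructed sample record: the kind of value the advisory describes being stored
// in the "Username" and "Email" fields (the test payload from the page, plus whitespace
// in the e-mail, which FILTER_VALIDATE_EMAIL rejects).
$hostile = [
    'username' => '<script>alert(1)</script>',
    'email'    => 'bob@example.com <script>alert(1)</script>',
];

echo render_user_row_vulnerable($hostile), PHP_EOL; // script tag reaches the browser intact
echo render_user_row($hostile), PHP_EOL;            // rendered as literal text: &lt;script&gt;...
print_r(validate_new_user($hostile['username'], $hostile['email'])); // both fields rejected
```

Running the script with `php` prints the unencoded row, the encoded row, and the two validation errors; the encoded row is what a patched page should produce when you repeat the verification step described above.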

How to Fix

Update Organizr to version 2.1.1810 or later. This version fixes the stored XSS vulnerability in the 'Username' and 'Email' fields, preventing the potential takeover of administrator and co-administrator accounts.


Frequently Asked Questions

What is CVE-2022-1347 — XSS in Organizr?

CVE-2022-1347 is a critical stored XSS vulnerability in Organizr versions prior to 2.1.1810, allowing attackers to inject malicious scripts via the 'Username' and 'Email' fields.

Am I affected by CVE-2022-1347 in Organizr?

You are affected if you are running Organizr version 2.1.1810 or earlier. Check your version and upgrade immediately if vulnerable.

How do I fix CVE-2022-1347 in Organizr?

Upgrade Organizr to version 2.1.1810 or later to patch the vulnerability. Consider input validation as a temporary workaround.

Is CVE-2022-1347 being actively exploited?

While no confirmed active exploitation campaigns are publicly known, the vulnerability's ease of exploitation makes it a potential target. Proactive remediation is recommended.

Where can I find the official Organizr advisory for CVE-2022-1347?

Refer to the official Organizr GitHub repository for updates and security advisories: https://github.com/causefx/organizr
